This archive is a GhostRace proof of concept exploit exemplifying the concept of a speculative race condition in a step-by-step single-threaded fashion. Coccinelle scripts are used to scan the Linux kernel version 5.15.83 for Speculative Concurrent Use-After-Free (SCUAF) gadgets.
37e02a934f238521d1f775356b1e8c43d4c6a81948b9dad1162cc1387ca9c199
Race conditions arise when multiple threads attempt to access a shared resource without proper synchronization, often leading to vulnerabilities such as concurrent use-after-free. To mitigate their occurrence, operating systems rely on synchronization primitives such as mutexes, spinlocks, etc. In this paper, the authors present GhostRace, the first security analysis of these primitives on speculatively executed code paths. Their key finding is that all the common synchronization primitives can be microarchitecturally bypassed on speculative paths, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs).
e0d3a753ac273a430c317cd67e808c20b6cdd914b31b24e71450d5fb4ad420af