SB2024080142 - Speculative race condition in BIG-IP Next Central Manager
Published: August 1, 2024 Updated: December 12, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2024-26602)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
2) Race condition (CVE-ID: CVE-2024-2193)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a speculative race condition. A local user can exploit the race and gain unauthorized access to contents of arbitrary host memory, including memory assigned to other guests.
The vulnerability was dubbed GhostRace.
3) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2023-46747)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper authentication in the Configuration utility. A remote non-authenticated attacker can send a specially crafted requests to the system, bypass authentication and execute arbitrary commands on the device.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.