Description
The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-226
CWE-226
Consequences
Confidentiality, Integrity: Modify Memory, Read Memory, Execute Unauthorized Code or Commands
Potential Mitigations
Phase: Architecture and Design, Requirements
Effectiveness: High
Description:
Hardware ensures that no illegal data flows from faulting micro-ops exists at the microarchitectural level.
Being implemented in silicon it is expected to fully address the known weaknesses with limited performance impact.
Phase: Build and Compilation
Effectiveness: High
Description:
Include instructions that explicitly remove traces of unneeded computations from software interactions with microarchitectural elements e.g. lfence, sfence, mfence, clflush.
This effectively forces the processor to complete each memory access before moving on to the next operation. This may have a large performance impact.
CVE References
- CVE-2020-0551
- Load value injection in some processors utilizing speculative execution may allow an authenticated user to enable information disclosure via a side-channel with local access.
