CWE-1342 – Information Exposure through Microarchitectural State after Transient Execution

Description

The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-226

Consequences

Confidentiality, Integrity: Modify Memory, Read Memory, Execute Unauthorized Code or Commands

Potential Mitigations

Phase: Architecture and Design, Requirements

Effectiveness: High

Description: 

Hardware ensures that no illegal data flows from faulting micro-ops exist at the microarchitectural level.

Being implemented in silicon, this is expected to fully address the known weaknesses with limited performance impact.

Phase: Build and Compilation

Effectiveness: High

Description: 

Include instructions that explicitly remove traces of unneeded computations from software interactions with microarchitectural elements, e.g. lfence, sfence, mfence, clflush.

This effectively forces the processor to complete each memory access before moving on to the next operation. This may have a large performance impact.
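The build-time mitigation above, written out by hand as an added example (not part of the CWE entry): a fence after each load in a dependent chain, and a cache-line flush after sensitive data is cleared. The function names, the 64-byte line size and the GCC/Clang x86 SSE2 intrinsics are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__SSE2__)
#include <emmintrin.h>            /* _mm_lfence, _mm_mfence, _mm_clflush */
#define LOAD_FENCE()  _mm_lfence()
#define FULL_FENCE()  _mm_mfence()
#define FLUSH_LINE(p) _mm_clflush(p)
#else  /* non-x86 build: ordering only, no cache-line flush in this sketch */
#define LOAD_FENCE()  __sync_synchronize()
#define FULL_FENCE()  __sync_synchronize()
#define FLUSH_LINE(p) ((void)(p))
#endif
#define CACHE_LINE 64u            /* assumed cache-line size */

/* Two dependent loads. The fence after each load keeps later instructions
 * from starting until that load has completed, so the dependent operation
 * only ever consumes the architecturally correct value. */
uint8_t read_via_slot(const uint8_t *const volatile *slot, size_t off)
{
    const uint8_t *base = *slot;  /* first load: the pointer */
    LOAD_FENCE();
    uint8_t v = base[off];        /* second load: depends on the first */
    LOAD_FENCE();
    return v;
}

/* Zero a buffer that held sensitive data, then evict its lines from cache. */
void scrub_buffer(void *buf, size_t len)
{
    volatile uint8_t *w = buf;
    const char *p = buf;
    if (len == 0) return;
    for (size_t i = 0; i < len; i++) w[i] = 0;   /* volatile: not elided */
    FULL_FENCE();                                 /* stores complete first */
    for (size_t i = 0; i < len; i += CACHE_LINE) FLUSH_LINE(p + i);
    FLUSH_LINE(p + len - 1);                      /* last line if unaligned */
    FULL_FENCE();                                 /* flushes complete */
}

int main(void)
{
    uint8_t table[4] = {10, 20, 30, 40};          /* constructed sample data */
    const uint8_t *slot = table;
    printf("%u\n", read_via_slot(&slot, 2));
    scrub_buffer(table, sizeof table);
    printf("%u\n", table[2]);
    return 0;
}
```

In practice these fences are usually placed by the toolchain rather than by hand, for example with clang's `-mlvi-hardening` option.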

CVE References

  • CVE-2020-0551
    • Load value injection in some processors utilizing speculative execution may allow an authenticated user to enable information disclosure via a side-channel with local access.