CWE-1421 Detail

CWE-1421

Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution
Incomplete
2024-02-29
00h00 +00:00
2025-12-11
00h00 +00:00

Name: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution

A processor event may allow transient operations to access architecturally restricted data (for example, in another address space) in a shared microarchitectural structure (for example, a CPU cache), potentially exposing the data over a covert channel.

General Information

Modes Of Introduction

Architecture and Design
Implementation
System Configuration

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Operating Systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)

Common Consequences

Scope : Confidentiality
Impact : Read Memory
Likelihood : Medium

Observed Examples

References Description

CVE-2017-5715

A fault may allow transient user-mode operations to access kernel data cached in the L1D, potentially exposing the data over a covert channel.

CVE-2018-3615

A fault may allow transient non-enclave operations to access SGX enclave data cached in the L1D, potentially exposing the data over a covert channel.

CVE-2019-1135

A TSX Asynchronous Abort may allow transient operations to access architecturally restricted data, potentially exposing the data over a covert channel.

Potential Mitigations

Phases : Architecture and Design
Phases : Architecture and Design
Phases : Architecture and Design
Phases : Architecture and Design
Phases : Architecture and Design
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Implementation
Phases : System Configuration
Phases : System Configuration
Phases : Patching and Maintenance
Phases : Patching and Maintenance
Phases : Requirements

Detection Methods

Manual Analysis

Effectiveness : Moderate

Automated Analysis

Effectiveness : Moderate

Automated Analysis

Effectiveness : High

Fuzzing

Academic researchers have demonstrated that this weakness can be detected in hardware using software fuzzing tools that treat the underlying hardware as a black box ([REF-1406], [REF-1430]).
Effectiveness : Opportunistic

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : If a weakness can potentially be exploited to infer data that is accessible inside or outside the current processor context, then the weakness could map to CWE-1421 and to another CWE such as CWE-1420.

References

REF-1404

Page Table Isolation (PTI)
The kernel development community.
https://kernel.org/doc/html/next/x86/pti.html

REF-1405

RIDL: Rogue In-Flight Data Load
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida.
https://mdsattacks.com/files/ridl.pdf

REF-1406

Downfall: Exploiting Speculative Data Gathering
Daniel Moghimi.
https://www.usenix.org/system/files/usenixsecurity23-moghimi.pdf

REF-1401

Hardware Security Leak Detection by Symbolic Simulation
Neta Bar Kama, Roope Kaivola.
https://ieeexplore.ieee.org/document/9617727

REF-1408

Meltdown: Reading Kernel Memory from User Space
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg.
https://meltdownattack.com/meltdown.pdf

REF-1409

Microarchitectural Data Sampling
Intel Corporation.
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/intel-analysis-microarchitectural-data-sampling.html

REF-1410

Cache Speculation Side-channels
ARM.
https://armkeil.blob.core.windows.net/developer/Files/pdf/Cache_Speculation_Side-channels.pdf

REF-1411

Rogue System Register Read/CVE-2018-3640/INTEL-SA-00115
Intel Corporation.
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/rogue-system-register-read.html

REF-1400

Refined Speculative Execution Terminology
Intel Corporation.
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/refined-speculative-execution-terminology.html

REF-1389

You Cannot Always Win the Race: Analyzing the LFENCE/JMP Mitigation for Branch Target Injection
Alyssa Milburn, Ke Sun, Henrique Kawakami.
https://arxiv.org/abs/2203.04277

REF-1430

Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis
Daniel Moghimi, Moritz Lipp, Berk Sunar, Michael Schwarz.
https://www.usenix.org/conference/usenixsecurity20/presentation/moghimi-medusa

REF-1417

InvisiSpec: making speculative execution invisible in the cache hierarchy.
Mengjia Yan, Jiho Choi, Dimitrios Skarlatos, Adam Morrison, Christopher W. Fletcher, Josep Torrellas.
https://iacoma.cs.uiuc.edu/iacoma-papers/micro18.pdf

REF-1418

Port Contention for Fun and Profit
Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García, Nicola Tuveri.
https://eprint.iacr.org/2018/1060.pdf

REF-1419

Speculative Interference Attacks: Breaking Invisible Speculation Schemes
Mohammad Behnia, Prateek Sahu, Riccardo Paccagnella, Jiyong Yu, Zirui Zhao, Xiang Zou, Thomas Unterluggauer, Josep Torrellas, Carlos Rozas, Adam Morrison, Frank Mckeen, Fangfei Liu, Ron Gabor, Christopher W. Fletcher, Abhishek Basak, Alaa Alameldeen.
https://arxiv.org/abs/2007.11818

REF-1420

Spectre is here to stay: An analysis of side-channels and speculative execution
Ross Mcilroy, Jaroslav Sevcik, Tobias Tebbi, Ben L. Titzer, Toon Verwaest.
https://arxiv.org/pdf/1902.05178

Submission

Name Organization Date Date release Version
Scott D. Constable Intel Corporation 2023-09-19 +00:00 2024-02-29 +00:00 4.14

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2025-09-09 +00:00 updated References, Relationships
CWE Content Team MITRE 2025-12-11 +00:00 updated References, Weakness_Ordinalities