CWE-1422 Detail

CWE-1422

Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
Incomplete
2024-02-29
00h00 +00:00
2025-12-11
00h00 +00:00
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Notifications manage

Name: Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution

A processor event or prediction may allow incorrect or stale data to be forwarded to transient operations, potentially exposing data over a covert channel.

General Informations

Modes Of Introduction

Architecture and Design

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Operating Systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)

Common Consequences

Scope Impact Likelihood
ConfidentialityRead MemoryMedium

Observed Examples

References Description

CVE-2020-0551

A fault, microcode assist, or abort may allow transient load operations to forward malicious stale data to dependent operations executed by a victim, causing the victim to unintentionally access and potentially expose its own data over a covert channel.

CVE-2020-8698

A fast store forwarding predictor may allow store operations to forward incorrect data to transient load operations, potentially exposing data over a covert channel.

Potential Mitigations

Phases : Architecture and Design
Phases : Requirements
Phases : Requirements
Phases : Requirements
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Documentation

Detection Methods

Automated Static Analysis

Effectiveness : Moderate

Manual Analysis

Effectiveness : Moderate

Automated Analysis

Effectiveness : High

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities
Comment : Use only when the weakness arises from forwarding of incorrect/stale data, and the data is not architecturally restricted (that is, the forwarded data is accessible within the current processor context).

References

REF-1389

You Cannot Always Win the Race: Analyzing the LFENCE/JMP Mitigation for Branch Target Injection
Alyssa Milburn, Ke Sun, Henrique Kawakami.
https://arxiv.org/abs/2203.04277

REF-1390

Speculation
The kernel development community.
https://docs.kernel.org/6.6/staging/speculation.html

REF-1391

LVI : Hijacking Transient Execution through Microarchitectural Load Value Injection
Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens.
https://lviattack.eu/lvi.pdf

REF-1392

Fast Store Forwarding Predictor
Intel Corporation.
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/fast-store-forwarding-predictor.html

REF-1393

Security Analysis Of AMD Predictive Store Forwarding
AMD.
https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf

Submission

Name Organization Date Date release Version
Scott D. Constable Intel Corporation 2023-09-19 +00:00 2024-02-29 +00:00 4.14

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2025-12-11 +00:00 updated Weakness_Ordinalities