Modes Of Introduction
Architecture and Design
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)
Operating Systems
Class: Not OS-Specific (Undetermined)
Architectures
Class: Not Architecture-Specific (Undetermined)
Technologies
Class: Not Technology-Specific (Undetermined)
Common Consequences
| Scope |
Impact |
Likelihood |
| Confidentiality | Read Memory | Medium |
Observed Examples
| References |
Description |
| A fault, microcode assist, or abort may allow transient
load operations to forward malicious stale data to dependent
operations executed by a victim, causing the victim to unintentionally
access and potentially expose its own data over a covert channel.
|
| A fast store forwarding predictor may allow store
operations to forward incorrect data to transient load operations,
potentially exposing data over a covert channel.
|
Potential Mitigations
Phases : Architecture and Design
Phases : Requirements
Phases : Requirements
Phases : Requirements
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Documentation
Detection Methods
Automated Static Analysis
Effectiveness : Moderate
Manual Analysis
Effectiveness : Moderate
Automated Analysis
Effectiveness : High
Vulnerability Mapping Notes
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities
Comment : Use only when the weakness arises from forwarding of
incorrect/stale data, and the data is not architecturally
restricted (that is, the forwarded data is accessible within the current processor context).
References
REF-1389
You Cannot Always Win the Race: Analyzing the LFENCE/JMP Mitigation for Branch Target Injection
Alyssa Milburn, Ke Sun, Henrique Kawakami.
https://arxiv.org/abs/2203.04277 REF-1390
Speculation
The kernel development community.
https://docs.kernel.org/6.6/staging/speculation.html REF-1391
LVI : Hijacking Transient Execution through Microarchitectural Load Value Injection
Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens.
https://lviattack.eu/lvi.pdf REF-1392
Fast Store Forwarding Predictor
Intel Corporation.
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/fast-store-forwarding-predictor.html REF-1393
Security Analysis Of AMD Predictive Store Forwarding
AMD.
https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf
Submission
| Name |
Organization |
Date |
Date release |
Version |
| Scott D. Constable |
Intel Corporation |
2023-09-19 +00:00 |
2024-02-29 +00:00 |
4.14 |
Modifications
| Name |
Organization |
Date |
Comment |
| CWE Content Team |
MITRE |
2025-12-11 +00:00 |
updated Weakness_Ordinalities |