CWE-1422
Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
Incomplete
2024-02-29
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
A processor event or prediction may allow incorrect or stale data to
be forwarded to transient operations, potentially exposing data over a
covert channel.
Informations générales
Modes d'introduction
Architecture and DesignPlateformes applicables
Langue
Class: Not Language-Specific (Undetermined)Systèmes d’exploitation
Class: Not OS-Specific (Undetermined)Architectures
Class: Not Architecture-Specific (Undetermined)Technologies
Class: Not Technology-Specific (Undetermined)Conséquences courantes
| Portée | Impact | Probabilité |
|---|---|---|
| Confidentiality | Read Memory | Medium |
Exemples observés
| Références | Description |
|---|---|
CVE-2020-0551 | A fault, microcode assist, or abort may allow transient load operations to forward malicious stale data to dependent operations executed by a victim, causing the victim to unintentionally access and potentially expose its own data over a covert channel. |
CVE-2020-8698 | A fast store forwarding predictor may allow store operations to forward incorrect data to transient load operations, potentially exposing data over a covert channel. |
Mesures d’atténuation potentielles
Phases : Architecture and DesignPhases : Requirements
Phases : Requirements
Phases : Requirements
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Build and Compilation
Phases : Documentation
Méthodes de détection
Automated Static Analysis
Efficacité : ModerateManual Analysis
Efficacité : ModerateAutomated Analysis
Efficacité : HighNotes de cartographie des vulnérabilités
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilitiesCommentaire : Use only when the weakness arises from forwarding of incorrect/stale data, and the data is not architecturally restricted (that is, the forwarded data is accessible within the current processor context).
Références
REF-1389
You Cannot Always Win the Race: Analyzing the LFENCE/JMP Mitigation for Branch Target InjectionAlyssa Milburn, Ke Sun, Henrique Kawakami.
https://arxiv.org/abs/2203.04277
REF-1390
SpeculationThe kernel development community.
https://docs.kernel.org/6.6/staging/speculation.html
REF-1391
LVI : Hijacking Transient Execution through Microarchitectural Load Value InjectionJo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens.
https://lviattack.eu/lvi.pdf
REF-1392
Fast Store Forwarding PredictorIntel Corporation.
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/fast-store-forwarding-predictor.html
REF-1393
Security Analysis Of AMD Predictive Store ForwardingAMD.
https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf
Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| Scott D. Constable | Intel Corporation | 4.14 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
