fbpx
Wikipedia

Transient execution CPU vulnerability

January 01, 1970

Main articles: Downfall (security vulnerability), Foreshadow, Lazy FP state restore, Load value injection, Meltdown (security vulnerability), Microarchitectural Data Sampling, Retbleed, Spectre (security vulnerability), Speculative Store Bypass, and SWAPGS (security vulnerability)

Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The archetype is Spectre, and transient execution attacks like Spectre belong to the cache-attack category, one of several categories of side-channel attacks. Since January 2018 many different cache-attack vulnerabilities have been identified.

Overview edit

Modern computers are highly parallel devices, composed of components with very different performance characteristics. If an operation (such as a branch) cannot yet be performed because some earlier slow operation (such as a memory read) has not yet completed, a microprocessor may attempt to predict the result of the earlier operation and execute the later operation speculatively, acting as if the prediction was correct. The prediction may be based on recent behavior of the system. When the earlier, slower operation completes, the microprocessor determines whether prediction was correct or incorrect. If it was correct then execution proceeds uninterrupted; if it was incorrect then the microprocessor rolls back the speculatively executed operations and repeats the original instruction with the real result of the slow operation. Specifically, a transient instruction[1] refers to an instruction processed by error by the processor (incriminating the branch predictor in the case of Spectre) which can affect the micro-architectural state of the processor, leaving the architectural state without any trace of its execution.

In terms of the directly visible behavior of the computer it is as if the speculatively executed code "never happened". However, this speculative execution may affect the state of certain components of the microprocessor, such as the cache, and this effect may be discovered by careful monitoring of the timing of subsequent operations.

If an attacker can arrange that the speculatively executed code (which may be directly written by the attacker, or may be a suitable gadget that they have found in the targeted system) operates on secret data that they are unauthorized to access, and has a different effect on the cache for different values of the secret data, they may be able to discover the value of the secret data.

Timeline edit

2017–2018 edit

Starting in 2017, multiple examples of such vulnerabilities were identified, with publication starting in early 2018.

2021 edit

In March 2021 AMD security researchers discovered that the Predictive Store Forwarding algorithm in Zen 3 CPUs could be used by malicious applications to access data it shouldn't be accessing.[2] According to Phoronix there's little performance impact in disabling the feature.[3]

In June 2021, two new vulnerabilities, Speculative Code Store Bypass (SCSB, CVE-2021-0086) and Floating Point Value Injection (FPVI, CVE-2021-0089), affecting all modern x86-64 CPUs both from Intel and AMD were discovered.[4] In order to mitigate them software has to be rewritten and recompiled. ARM CPUs are not affected by SCSB but some certain ARM architectures are affected by FPVI.[5]

In August 2021 a vulnerability called "Transient Execution of Non-canonical Accesses" affecting certain AMD CPUs was disclosed.[6][7][8] It requires the same mitigations as the MDS vulnerability affecting certain Intel CPUs.[9] It was assigned CVE-2020-12965. Since most x86 software is already patched against MDS and this vulnerability has the exact same mitigations, software vendors don't have to address this vulnerability.

In October 2021 for the first time ever a vulnerability similar to Meltdown was disclosed[10][11] to be affecting all AMD CPUs however the company doesn't think any new mitigations have to be applied and the existing ones are already sufficient.[12]

2022 edit

In March 2022, a new variant of the Spectre vulnerability called Branch History Injection was disclosed.[13][14] It affects certain ARM64 CPUs[15] and the following Intel CPU families: Cascade Lake, Ice Lake, Tiger Lake and Alder Lake. According to Linux kernel developers AMD CPUs are also affected.[16]

In March 2022, a vulnerability affecting a wide range of AMD CPUs was disclosed under CVE-2021-26341.[17][18]

In June 2022, multiple MMIO Intel CPUs vulnerabilities related to execution in virtual environments were announced.[19] The following CVEs were designated: CVE-2022-21123, CVE-2022-21125, CVE-2022-21166.

In July 2022, the Retbleed vulnerability was disclosed affecting Intel Core 6 to 8th generation CPUs and AMD Zen 1, 1+ and 2 generation CPUs. Newer Intel microarchitectures as well as AMD starting with Zen 3 are not affected. The mitigations for the vulnerability decrease the performance of the affected Intel CPUs by up to 39%, while AMD CPUs lose up to 14%.

In August 2022, the SQUIP vulnerability was disclosed affecting Ryzen 2000–5000 series CPUs.[20] According to AMD the existing mitigations are enough to protect from it.[21]

According to a Phoronix review released in October, 2022 Zen 4/Ryzen 7000 CPUs are not slowed down by mitigations, in fact disabling them leads to a performance loss.[22][23]

2023 edit

In February 2023 a vulnerability affecting a wide range of AMD CPU architectures called "Cross-Thread Return Address Predictions" was disclosed.[24][25][26]

In July 2023 a critical vulnerability in the Zen 2 AMD microarchitecture called Zenbleed was made public.[27][1] AMD released a microcode update to fix it.[28]

In August 2023 a vulnerability in AMD's Zen 1, Zen 2, Zen 3, and Zen 4 microarchitectures called Inception[29][30] was revealed and assigned CVE-2023-20569. According to AMD it is not practical but the company will release a microcode update for the affected products.

Also in August 2023 a new vulnerability called Downfall or Gather Data Sampling was disclosed,[31][32][33] affecting Intel CPU Skylake, Cascade Lake, Cooper Lake, Ice Lake, Tiger Lake, Amber Lake, Kaby Lake, Coffee Lake, Whiskey Lake, Comet Lake & Rocket Lake CPU families. Intel will release a microcode update for affected products.

The SLAM[34][35][36][37] vulnerability (Spectre based on Linear Address Masking) reported in 2023 neither has received a corresponding CVE, nor has been confirmed or mitigated against.

2024 edit

In March 2024, a variant of Spectre-V1 attack called GhostRace was published.[38] It was claimed it affected all the major microarchitectures and vendors, including Intel, AMD and ARM. It was assigned CVE-2024-2193. AMD dismissed the vulnerability (calling it "Speculative Race Conditions (SRCs)") claiming that existing mitigations were enough.[39] Linux kernel developers chose not to add mitigations citing performance concerns.[40] The Xen hypervisor project released patches to mitigate the vulnerability but it's not enabled by default.[41]

Also in March 2024, a vulnerability in Intel Atom processors called Register File Data Sampling (RFDS) was revealed.[42] It was assigned CVE-2023-28746. Its mitigations incur a slight performance degradation.[43]

In April 2024, it was revealed that the BHI vulnerability in certain Intel CPU families could be still exploited in Linux entirely in user space without using any kernel features or root access despite existing mitigations.[44][45][46] Intel recommended "additional software hardening".[47] The attack was assigned a new CVE-2024-2201.

Future edit

Spectre class vulnerabilities will remain unfixed because otherwise CPU designers will have to disable speculative execution which will entail a massive performance loss.[citation needed] Despite this, AMD has managed to design Zen 4 such a way its performance is not affected by mitigations.[22][23]

Vulnerabilities and mitigations summary edit

Mitigation Type Comprehensiveness Effectiveness Performance Impact
Hardware Full Full None...Small
Microcode Partial...Full Partial...Full None...Large
OS/VMM Partial Partial...Full Small...Large
Software Recompilation Poor Partial...Full Medium...Large

Hardware mitigations require changes to the CPU design and thus a new iteration of hardware, but impose close to zero performance loss.
Microcode updates alter the software that the CPU runs on which requires patches to be released for each affected CPU and integrated into every BIOS / operating system.
OS/VMM mitigations are applied at the operating system or virtual machine level and (depending on workload) often incur quite a significant performance loss.
Software recompilation requires recompiling lots of pieces of software and usually incurs a severe performance hit.

Vulnerability Name(s)/Subname
Official Name/Subname 		CVE Affected CPU architectures and mitigations
Intel[48] AMD[49]
10th gen 9th gen 8th gen* Zen / Zen+ Zen 2[50]
Ice Lake[51] Cascade/Comet/
Amber Lake 		Coffee Lake[52] Whiskey Lake Coffee Lake,
Amber Lake
Spectre v1
Bounds Check Bypass 		2017-5753 Software Recompilation[53]
v2
Branch Target Injection[54] 		2017-5715 Hardware + OS/VMM /
Software Recompilation 		Microcode + ... Microcode + OS/VMM /
Software Recompilation 		Hardware + OS/VMM /
Software Recompilation
Hardware + ...[a]
Meltdown / v3
Rogue Data Cache Load 		2017-5754 Hardware OS Not affected
Spectre-NG v3a
Rogue System Register Read 		2018-3640 Hardware Hardware Microcode Microcode Microcode
Microcode[b] Hardware[a]
v4
Speculative Store Bypass[55] 		2018-3639 [Hardware + OS / ]
Software Recompilation 		... [Microcode + OS / ]
Software Recompilation 		OS/VMM Hardware + OS/VMM
...[a]
Lazy FP State Restore 2018-3665 OS/VMM[56] Not affected
v1.1
Bounds Check Bypass Store 		2018-3693 Software Recompilation[57]
SpectreRSB[58]/ret2spec[59]
Return Mispredict 		2018-15572 OS[60]
Foreshadow
L1 Terminal Fault (L1TF)[61] 		SGX 2018-3615 Not affected Microcode Not affected
OS/SMM 2018-3620 Microcode + OS/VMM
VMM 2018-3646
Microarchitectural Data Sampling (MDS)[62][63] RIDL ZombieLoad
Fill Buffer (MFBDS) 		2018-12130 Microcode + OS
Load Port (MLPDS) 2018-12127 Hardware Microcode + OS/VMM[c]
Hardware[a]
Fallout
Store Buffer (MSBDS) 		2018-12126 Hardware + Microcode[64][65] Microcode + OS/VMM[c] Microcode + OS/VMM
Hardware[a]
RIDL Uncacheable Memory (MDSUM) 2019-11091 Same as the buffer having entries
SWAPGS[66][67][68] 2019-1125 OS
RIDL
(Rogue In-Flight Data Load) 		ZombieLoad v2[69][70]
TSX Asynchronous Abort (TAA)[71][72] 		2019-11135 Hardware[d] Microcode + OS/VMM Existing MDS mitigations Existing MDS mitigations
TSX not supported[b] Microcode + OS/VMM[a]
ZombieLoad/CacheOut
L1D Eviction Sampling (L1DES)[73][74][75] 		2020-0549 Not affected Microcode Microcode
Not affected[b]
Vector Register Sampling (VRS)[74][75] 2020-0548 Microcode
Not affected[b]
Load Value Injection (LVI)[76][77][78][79] 2020-0551 Software Recompilation (mainly for Intel SGX)
CROSSTalk[80]
Special Register Buffer Data Sampling (SRBDS)[81] 		2020-0543 Microcode[e] Microcode
Not affected
Branch History Injection (BHI)[82]
and other forms of intra-mode BTI 		2022-0001
 
-0002 		Software Recompilation Not affected Not affected
Software Recompilation[a]
MMIO Stale Data[83] Shared Buffers Data Read (SBDR)
Shared Buffers Data Sampling (SBDS) 		2022-21123
2022-21125 		Not affected[f] Microcode + Software Recompilation Software Recompilation Not affected
Microcode + Software Recompilation[g]
Device Register Partial Write (DRPW) 2022-21166 Microcode Existing MDS mitigations
Branch Type Confusion (BTC)[84] Phantom[85] BTC-NOBR
BTC-DIR 		2022-23825 Not affected OS/VMM
BTC-IND Existing Spectre v2 mitigations
Retbleed[86][87][88][89]
BTC-RET 		2022-29900
 
-29901 		Not affected OS/VMM OS/VMM OS/VMM /
Software Recompilation
Not affected[a]
Cross-Thread Return Address Predictions[25][24] 2022-27672 Not affected OS/VMM
Zenbleed[90]
Cross-Process Information Leak[91][92] 		2023-20593 Not affected Microcode
Inception[85][29][93]
Speculative Return Stack Overflow (SRSO) 		2023-20569 Not affected OS/VMM
Downfall[32][33]
Gather Data Sampling (GDS)[31] 		2022-40982 Microcode Not affected

The 8th generation Coffee Lake architecture in this table also applies to a wide range of previously released Intel CPUs, not limited to the architectures based on Intel Core, Pentium 4 and Intel Atom starting with Silvermont.[94][95] Various CPU microarchitectures not included above are also affected, among them are ARM, IBM Power, MIPS and others.[96][97][98][99]

Notes edit

  1. ^ a b c d e f g h Whiskey Lake stepping C[48]
    Coffee Lake stepping D
  2. ^ a b c d Comet Lake except U42 (CPUID 806EC)[48]
  3. ^ a b Cascade Lake stepping 5[62]
  4. ^ Ice Lake Xeon-SP (CPUID 606A*)[48]
  5. ^ Comet Lake U42
    Amber Lake     (CPUID 806EC)[48]
  6. ^ Cascade Lake[48]
  7. ^ Ice Lake Core family (CPUID 706E5)[48]

References edit

  1. ^ Kocher, Paul; Horn, Jann; Fogh, Anders; Genkin, Daniel; Gruss, Daniel. "Spectre Attacks: Exploiting Speculative Execution" (PDF). Retrieved 2020-04-16.
  2. ^ Cutress, Ian. "AMD Issues Updated Speculative Spectre Security Status: Predictive Store Forwarding". www.anandtech.com. Retrieved 2021-04-08.
  3. ^ "Benchmarking AMD Zen 3 With Predictive Store Forwarding Disabled - Phoronix". www.phoronix.com. Retrieved 2021-04-08.
  4. ^ "Rage Against the Machine Clear". VUSec. Retrieved 2021-06-29.
  5. ^ "Speculative Processor Vulnerability | Frequently asked questions". Arm Developer. Retrieved 2021-06-29.
  6. ^ "Transient Execution of Non-canonical Accesses".
  7. ^ Musaev, Saidgani; Fetzer, Christof (2021). "Transient Execution of Non-Canonical Accesses". arXiv:2108.10771 [cs.CR].
  8. ^ Francisco, Thomas Claburn in San. "Boffins find if you torture AMD Zen+, Zen 2 CPUs enough, they are vulnerable to Meltdown-like attack". www.theregister.com. Retrieved 2021-09-05.
  9. ^ https://developer.amd.com/wp-content/resources/90343-D_SoftwareTechniquesforManagingSpeculation_WP_9-20Update_R2.pdf [bare URL PDF]
  10. ^ Lipp, Moritz; Gruss, Daniel; Schwarz, Michael (2021-10-19). "AMD Prefetch Attacks through Power and Time". USENIX Security Symposium.
  11. ^ "AMD Prefetch Attacks through Power and Time" (PDF).
  12. ^ "Side-channels Related to the x86 PREFETCH Instruction".
  13. ^ "Branch History Injection". VUSec. Retrieved 2022-03-08.
  14. ^ "BHI: The Newest Spectre Vulnerability Affecting Intel & Arm CPUs". www.phoronix.com. Retrieved 2022-03-08.
  15. ^ Ltd, Arm. "Speculative Processor Vulnerability | Spectre-BHB". Arm Developer. Retrieved 2022-03-11.
  16. ^ "Linux Lands Mitigations For Spectre-BHB / BHI On Intel & Arm, Plus An AMD Change Too". www.phoronix.com. Retrieved 2022-03-08.
  17. ^ "grsecurity - The AMD Branch (Mis)predictor Part 2: Where No CPU has Gone Before (CVE-2021-26341)". grsecurity.net. Retrieved 2022-03-11.
  18. ^ "AMD CPUs May Transiently Execute Beyond Unconditional Direct Branch".
  19. ^ "oss-security - Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities". www.openwall.com. Retrieved 2022-06-19.
  20. ^ "AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler". www.phoronix.com. Retrieved 2022-08-10.
  21. ^ "Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors".
  22. ^ a b "With AMD Zen 4, It's Surprisingly Not Worthwhile Disabling CPU Security Mitigations". www.phoronix.com. Retrieved 2022-10-07.
  23. ^ a b "Disabling Spectre V2 Mitigations Is What Can Impair AMD Ryzen 7000 Series Performance". www.phoronix.com. Retrieved 2022-10-07.
  24. ^ a b "[FYI PATCH 0/3] Cross-Thread Return Address Predictions vulnerability [LWN.net]". lwn.net. Retrieved 2023-02-14.
  25. ^ a b "Cross-Thread Return Address Predictions | AMD". February 14, 2022. Retrieved 2023-08-11.
  26. ^ "oss-sec: Xen Security Advisory 426 v1 (CVE-2022-27672) - x86: Cross-Thread Return Address Predictions". seclists.org. Retrieved 2023-02-15.
  27. ^ Paul Alcorn (2023-07-24). "AMD 'Zenbleed' Bug Allows Data Theft From Zen 2 Processors, Patches Coming". Tom's Hardware. Retrieved 2023-07-24.
  28. ^ "Cross-Process Information Leak". amd.com. 2023-07-24. Retrieved 2023-07-27.
  29. ^ a b "Return Address Security Bulletin". amd.com. 2023-08-08. Retrieved 2023-08-08.
  30. ^ "New Inception attack leaks sensitive data from all AMD Zen CPUs". BleepingComputer. Retrieved 2023-08-09.
  31. ^ a b "Gather Data Sampling". Intel. Retrieved 2023-08-09.
  32. ^ a b "Downfall". Downfall Attacks. Retrieved 2023-08-09.
  33. ^ a b "Downfall and Zenbleed: Googlers helping secure the ecosystem". Google Online Security Blog. Retrieved 2023-08-09.
  34. ^ "SLAM: Spectre based on Linear Address Masking". vusec. Retrieved 2023-12-07.
  35. ^ "TLB-Based Side Channel Attack: Security Update". developer.arm.com. Retrieved 2023-12-07.
  36. ^ "oss-sec: SLAM: Spectre based on Linear Address Masking". seclists.org. Retrieved 2023-12-07.
  37. ^ "New SLAM attack steals sensitive data from AMD, future Intel CPUs". BleepingComputer. Retrieved 2023-12-07.
  38. ^ "GhostRace". vusec. Retrieved 2024-03-12.
  39. ^ "Speculative Race Conditions (SRCs)". amd.com. 2024-03-12.
  40. ^ "GhostRace Detailed - Speculative Race Conditions Affecting All Major CPUs / ISAs". www.phoronix.com. Retrieved 2024-03-12.
  41. ^ "oss-sec: Xen Security Advisory 453 v1 (CVE-2024-2193) - GhostRace: Speculative Race Conditions". seclists.org. Retrieved 2024-03-14.
  42. ^ "Register File Data Sampling". Intel. Retrieved 2024-03-15.
  43. ^ "The Performance Impact Of Intel's Register File Data Sampling". www.phoronix.com. Retrieved 2024-03-15.
  44. ^ "InSpectre Gadget". vusec. Retrieved 2024-04-14.
  45. ^ "oss-security - Xen Security Advisory 456 v2 (CVE-2024-2201) - x86: Native Branch History Injection". www.openwall.com. Retrieved 2024-04-14.
  46. ^ "2268118 – (CVE-2024-2201) CVE-2024-2201 hw: cpu: intel:InSpectre Gadget a residual Attack Surface of Cross-privilege Spectre v2". bugzilla.redhat.com. Retrieved 2024-04-14.
  47. ^ "Branch History Injection and Intra-mode Branch Target Injection". Intel. Retrieved 2024-04-14.
  48. ^ a b c d e f g "Affected Processors: Transient Execution Attacks & Related Security Issues by CPU". Intel. November 3, 2023. from the original on 2021-05-09. Retrieved 2024-03-12.
  49. ^ "AMD Product Security | AMD". August 10, 2019. Retrieved 2019-08-10.
  50. ^ Cutress, Ian. "AMD Zen 2 Microarchitecture Analysis: Ryzen 3000 and EPYC Rome". www.anandtech.com. Retrieved 2019-06-11.
  51. ^ Cutress, Dr Ian. "The Ice Lake Benchmark Preview: Inside Intel's 10nm". www.anandtech.com. Retrieved 2019-08-01.
  52. ^ "Intel Core i9-9900K mit 8 Kernen und 5 GHz für Gamer". heise online (in German). October 8, 2018. Retrieved 2018-10-09.
  53. ^ https://developer.amd.com/wp-content/resources/90343-B_SoftwareTechniquesforManagingSpeculation_WP_7-18Update_FNL.pdf [bare URL PDF]
  54. ^ Intel (January 3, 2018). Branch Target Injection (Technical report). Retrieved 2024-03-06. Two mitigation techniques have been developed ...: indirect branch control mechanisms and a software approach called ... retpoline
  55. ^ Intel (May 21, 2018). Speculative Store Bypass (Technical report). Retrieved 2024-03-06. To minimize performance impact, we do not currently recommend setting SSBD for OSes, VMMs
  56. ^ "INTEL-SA-00145". Intel.
  57. ^ "Bounds Check Bypass Store (BCBS) Vulnerability (INTEL-OSS-10002)". Intel.
  58. ^ "Spectre Returns! Speculation Attacks using the Return Stack Buffer" (PDF). www.usenix.org. Retrieved 2019-08-17.
  59. ^ Maisuradze, Giorgi; Rossow, Christian (2018). "ret2spec: Speculative Execution Using Return Stack Buffers". Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. pp. 2109–2122. arXiv:1807.10364. Bibcode:2018arXiv180710364M. doi:10.1145/3243734.3243761. ISBN 9781450356930. S2CID 51804116.
  60. ^ "Kernel/Git/Torvalds/Linux.git - Linux kernel source tree".
  61. ^ "Processors Affected: L1 Terminal Fault". Intel. August 14, 2018. Retrieved 2024-03-06. ...processors that have the RDCL_NO bit set to one (1) ... are not susceptible to the L1TF
  62. ^ a b "Processors Affected: Microarchitectural Data Sampling". Intel. May 14, 2019. Retrieved 2024-03-07. MFBDS is mitigated if either the RDCL_NO or MDS_NO bit ... are set. [...]
    All processors affected by MSBDS, MFBDS, or MLPDS are also affected by MDSUM for the relevant buffers.
  63. ^ Intel (March 11, 2021) [Disclosed May 14, 2019]. Microarchitectural Data Sampling (Technical report). Retrieved 2024-03-07. VMMs that already ... mitigate L1TF may not need further changes ... a VERW may be needed to overwrite the store buffers
  64. ^ Moghimi, Daniel (July 14, 2020). Data Sampling on MDS-resistant 10th Generation Intel Core (Ice Lake). GitHub (Technical report). Worcester Polytechnic Institute. Retrieved 2020-07-15.
  65. ^ Intel (July 14, 2020). "Microarchitectural Data Sampling Advisory" (Press release). Retrieved 2020-07-15. Intel Core Processor Family (Ice Lake)
  66. ^ "Bitdefender SWAPGS Attack Mitigation Solutions". www.bitdefender.com. Retrieved 2019-08-07.
  67. ^ . chromium.googlesource.com. Archived from the original on 2019-08-07. Retrieved 2019-08-07.
  68. ^ Winder, Davey (August 6, 2019). "Microsoft Confirms New Windows CPU Attack Vulnerability, Advises All Users To Update Now". Forbes. Retrieved 2019-08-07.
  69. ^ at 18:02, Shaun Nichols in San Francisco 12 Nov 2019. "True to its name, Intel CPU flaw ZombieLoad comes shuffling back with new variant". www.theregister.co.uk. Retrieved 2019-11-12.{{cite web}}: CS1 maint: numeric names: authors list (link)
  70. ^ Cimpanu, Catalin. "Intel's Cascade Lake CPUs impacted by new Zombieload v2 attack". ZDNet. Retrieved 2019-11-12.
  71. ^ "Cyberus Technology: TSX Asynchronous Abort". www.cyberus-technology.de. Retrieved 2019-11-12.
  72. ^ Intel (November 12, 2019). Intel TSX Asynchronous Abort (Technical report). Retrieved 2024-03-12. TAA can be mitigated by either applying the MDS software mitigations or by selectively disabling Intel TSX
  73. ^ "CacheOut". cacheoutattack.com. Retrieved 2020-01-29.
  74. ^ a b "MDS Attacks: Microarchitectural Data Sampling". mdsattacks.com. Retrieved 2020-01-27.
  75. ^ a b "IPAS: INTEL-SA-00329". Technology@Intel. January 27, 2020. Retrieved 2020-01-28.
  76. ^ "LVI: Hijacking Transient Execution with Load Value Injection". lviattack.eu. Retrieved 2020-03-10.
  77. ^ "INTEL-SA-00334". Intel. Retrieved 2020-03-10.
  78. ^ "Deep Dive: Load Value Injection". software.intel.com. Retrieved 2020-03-10.
  79. ^ at 17:00, Thomas Claburn in San Francisco 10 Mar 2020. "You only LVI twice: Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling flaw will cost you 50%+ of performance". www.theregister.co.uk. Retrieved 2020-03-10.{{cite web}}: CS1 maint: numeric names: authors list (link)
  80. ^ "CROSSTalk". VUSec. Retrieved 2020-06-09.
  81. ^ Intel (June 14, 2022) [Disclosed June 9, 2020]. Special Register Buffer Data Sampling (Technical report). Retrieved 2024-03-21. systems that have loaded the microcode ... are fully mitigated by default
  82. ^ Intel (March 11, 2022) [Disclosed March 8, 2022]. Branch History Injection and Intra-mode Branch Target Injection (Technical report). Retrieved 2024-03-22. potential BHI attacks can be mitigated by adding LFENCE to specific identified gadgets
  83. ^ Intel (June 14, 2022). Processor MMIO Stale Data Vulnerabilities (Technical report). Retrieved 2024-04-17. For processors ... where MD_CLEAR may not overwrite fill buffer values, Intel has released microcode updates ... so that VERW does overwrite fill buffer values. [...]
    To mitigate this, the OS, VMM, or driver that reads the secret data can reduce the window in which that data remains vulnerable ... by performing an additional read of some non-secret data
  84. ^ AMD (July 12, 2022). "AMD CPU Branch Type Confusion" (Press release). Retrieved 2024-03-25.
  85. ^ a b "Inception: how a simple XOR can cause a Microarchitectural Stack Overflow". Computer Security Group. Retrieved 2023-09-15.
  86. ^ "Retbleed: Arbitrary Speculative Code Execution with Return Instructions – Computer Security Group". Retrieved 2022-07-12.
  87. ^ "INTEL-SA-00702". Intel. Retrieved 2022-07-13.
  88. ^ "AMD, Intel chips vulnerable to 'Retbleed' Spectre variant". www.theregister.com. Retrieved 2022-07-12.
  89. ^ Goodin, Dan (July 12, 2022). "New working speculative execution attack sends Intel and AMD scrambling". Ars Technica. Retrieved 2022-07-12.
  90. ^ "security-research/pocs/cpus/zenbleed at master · google/security-research". GitHub. Retrieved 2023-07-27.
  91. ^ "AMD: Information Leak in Zen 2". GitHub. Retrieved 2023-07-27.
  92. ^ "Cross-Process Information Leak". AMD. Retrieved 2023-07-27.
  93. ^ "oss-security - Xen Security Advisory 434 v1 (CVE-2023-20569) - x86/AMD: Speculative Return Stack Overflow". www.openwall.com. Retrieved 2023-09-15.
  94. ^ "INTEL-SA-00088". Intel. Retrieved 2018-09-01.
  95. ^ "INTEL-SA-00115". Intel. Retrieved 2018-09-01.
  96. ^ "Meltdown and Spectre Status Page". wiki.netbsd.org. Retrieved 2019-09-29.
  97. ^ Ltd, Arm. "Speculative Processor Vulnerability | Cache Speculation Issues Update". ARM Developer. Retrieved 2019-09-29.
  98. ^ "About speculative execution vulnerabilities in ARM-based and Intel CPUs". Apple Support. May 31, 2018. Retrieved 2019-09-29.
  99. ^ "Potential Impact on Processors in the POWER Family". IBM PSIRT Blog. May 14, 2019. Retrieved 2019-09-29.

External links edit

  • Linux kernel: Hardware vulnerabilities
  • spectre-meltdown-checker on GitHub
  • Vulnerabilities associated with CPU speculative execution
  • A systematic evaluation of transient execution attacks and defenses
  • A dynamic tree of transient execution vulnerabilities for Intel, AMD and ARM CPUs
  • Transient Execution Attacks by Daniel Gruss, June 20, 2019
  • CPU Bugs
  • Intel: Refined Speculative Execution Terminology

January 01, 1970
transient, execution, vulnerability, main, articles, downfall, security, vulnerability, foreshadow, lazy, state, restore, load, value, injection, meltdown, security, vulnerability, microarchitectural, data, sampling, retbleed, spectre, security, vulnerability,. Main articles Downfall security vulnerability Foreshadow Lazy FP state restore Load value injection Meltdown security vulnerability Microarchitectural Data Sampling Retbleed Spectre security vulnerability Speculative Store Bypass and SWAPGS security vulnerability Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party The archetype is Spectre and transient execution attacks like Spectre belong to the cache attack category one of several categories of side channel attacks Since January 2018 many different cache attack vulnerabilities have been identified Contents 1 Overview 2 Timeline 2 1 2017 2018 2 2 2021 2 3 2022 2 4 2023 2 5 2024 3 Future 4 Vulnerabilities and mitigations summary 4 1 Notes 5 References 6 External linksOverview editModern computers are highly parallel devices composed of components with very different performance characteristics If an operation such as a branch cannot yet be performed because some earlier slow operation such as a memory read has not yet completed a microprocessor may attempt to predict the result of the earlier operation and execute the later operation speculatively acting as if the prediction was correct The prediction may be based on recent behavior of the system When the earlier slower operation completes the microprocessor determines whether prediction was correct or incorrect If it was correct then execution proceeds uninterrupted if it was incorrect then the microprocessor rolls back the speculatively executed operations and repeats the original instruction with the real result of the slow operation Specifically a transient instruction 1 refers to an instruction processed by error by the processor incriminating the branch predictor in the case of Spectre which can affect the micro architectural state of the processor leaving the architectural state without any trace of its execution In terms of the directly visible behavior of the computer it is as if the speculatively executed code never happened However this speculative execution may affect the state of certain components of the microprocessor such as the cache and this effect may be discovered by careful monitoring of the timing of subsequent operations If an attacker can arrange that the speculatively executed code which may be directly written by the attacker or may be a suitable gadget that they have found in the targeted system operates on secret data that they are unauthorized to access and has a different effect on the cache for different values of the secret data they may be able to discover the value of the secret data Timeline edit2017 2018 edit Starting in 2017 multiple examples of such vulnerabilities were identified with publication starting in early 2018 2021 edit In March 2021 AMD security researchers discovered that the Predictive Store Forwarding algorithm in Zen 3 CPUs could be used by malicious applications to access data it shouldn t be accessing 2 According to Phoronix there s little performance impact in disabling the feature 3 In June 2021 two new vulnerabilities Speculative Code Store Bypass SCSB CVE 2021 0086 and Floating Point Value Injection FPVI CVE 2021 0089 affecting all modern x86 64 CPUs both from Intel and AMD were discovered 4 In order to mitigate them software has to be rewritten and recompiled ARM CPUs are not affected by SCSB but some certain ARM architectures are affected by FPVI 5 In August 2021 a vulnerability called Transient Execution of Non canonical Accesses affecting certain AMD CPUs was disclosed 6 7 8 It requires the same mitigations as the MDS vulnerability affecting certain Intel CPUs 9 It was assigned CVE 2020 12965 Since most x86 software is already patched against MDS and this vulnerability has the exact same mitigations software vendors don t have to address this vulnerability In October 2021 for the first time ever a vulnerability similar to Meltdown was disclosed 10 11 to be affecting all AMD CPUs however the company doesn t think any new mitigations have to be applied and the existing ones are already sufficient 12 2022 edit In March 2022 a new variant of the Spectre vulnerability called Branch History Injection was disclosed 13 14 It affects certain ARM64 CPUs 15 and the following Intel CPU families Cascade Lake Ice Lake Tiger Lake and Alder Lake According to Linux kernel developers AMD CPUs are also affected 16 In March 2022 a vulnerability affecting a wide range of AMD CPUs was disclosed under CVE 2021 26341 17 18 In June 2022 multiple MMIO Intel CPUs vulnerabilities related to execution in virtual environments were announced 19 The following CVEs were designated CVE 2022 21123 CVE 2022 21125 CVE 2022 21166 In July 2022 the Retbleed vulnerability was disclosed affecting Intel Core 6 to 8th generation CPUs and AMD Zen 1 1 and 2 generation CPUs Newer Intel microarchitectures as well as AMD starting with Zen 3 are not affected The mitigations for the vulnerability decrease the performance of the affected Intel CPUs by up to 39 while AMD CPUs lose up to 14 In August 2022 the SQUIP vulnerability was disclosed affecting Ryzen 2000 5000 series CPUs 20 According to AMD the existing mitigations are enough to protect from it 21 According to a Phoronix review released in October 2022 Zen 4 Ryzen 7000 CPUs are not slowed down by mitigations in fact disabling them leads to a performance loss 22 23 2023 edit In February 2023 a vulnerability affecting a wide range of AMD CPU architectures called Cross Thread Return Address Predictions was disclosed 24 25 26 In July 2023 a critical vulnerability in the Zen 2 AMD microarchitecture called Zenbleed was made public 27 1 AMD released a microcode update to fix it 28 In August 2023 a vulnerability in AMD s Zen 1 Zen 2 Zen 3 and Zen 4 microarchitectures called Inception 29 30 was revealed and assigned CVE 2023 20569 According to AMD it is not practical but the company will release a microcode update for the affected products Also in August 2023 a new vulnerability called Downfall or Gather Data Sampling was disclosed 31 32 33 affecting Intel CPU Skylake Cascade Lake Cooper Lake Ice Lake Tiger Lake Amber Lake Kaby Lake Coffee Lake Whiskey Lake Comet Lake amp Rocket Lake CPU families Intel will release a microcode update for affected products The SLAM 34 35 36 37 vulnerability Spectre based on Linear Address Masking reported in 2023 neither has received a corresponding CVE nor has been confirmed or mitigated against 2024 edit In March 2024 a variant of Spectre V1 attack called GhostRace was published 38 It was claimed it affected all the major microarchitectures and vendors including Intel AMD and ARM It was assigned CVE 2024 2193 AMD dismissed the vulnerability calling it Speculative Race Conditions SRCs claiming that existing mitigations were enough 39 Linux kernel developers chose not to add mitigations citing performance concerns 40 The Xen hypervisor project released patches to mitigate the vulnerability but it s not enabled by default 41 Also in March 2024 a vulnerability in Intel Atom processors called Register File Data Sampling RFDS was revealed 42 It was assigned CVE 2023 28746 Its mitigations incur a slight performance degradation 43 In April 2024 it was revealed that the BHI vulnerability in certain Intel CPU families could be still exploited in Linux entirely in user space without using any kernel features or root access despite existing mitigations 44 45 46 Intel recommended additional software hardening 47 The attack was assigned a new CVE 2024 2201 Future editSpectre class vulnerabilities will remain unfixed because otherwise CPU designers will have to disable speculative execution which will entail a massive performance loss citation needed Despite this AMD has managed to design Zen 4 such a way its performance is not affected by mitigations 22 23 Vulnerabilities and mitigations summary editMitigation Type Comprehensiveness Effectiveness Performance Impact Hardware Full Full None Small Microcode Partial Full Partial Full None Large OS VMM Partial Partial Full Small Large Software Recompilation Poor Partial Full Medium Large Hardware mitigations require changes to the CPU design and thus a new iteration of hardware but impose close to zero performance loss Microcode updates alter the software that the CPU runs on which requires patches to be released for each affected CPU and integrated into every BIOS operating system OS VMM mitigations are applied at the operating system or virtual machine level and depending on workload often incur quite a significant performance loss Software recompilation requires recompiling lots of pieces of software and usually incurs a severe performance hit Vulnerability Name s SubnameOfficial Name Subname CVE Affected CPU architectures and mitigations Intel 48 AMD 49 10th gen 9th gen 8th gen Zen Zen Zen 2 50 Ice Lake 51 Cascade Comet Amber Lake Coffee Lake 52 Whiskey Lake Coffee Lake Amber Lake Spectre v1Bounds Check Bypass 2017 5753 Software Recompilation 53 v2Branch Target Injection 54 2017 5715 Hardware OS VMM Software Recompilation Microcode Microcode OS VMM Software Recompilation Hardware OS VMM Software Recompilation Hardware a Meltdown v3Rogue Data Cache Load 2017 5754 Hardware OS Not affected Spectre NG v3aRogue System Register Read 2018 3640 Hardware Hardware Microcode Microcode Microcode Microcode b Hardware a v4Speculative Store Bypass 55 2018 3639 Hardware OS Software Recompilation Microcode OS Software Recompilation OS VMM Hardware OS VMM a Lazy FP State Restore 2018 3665 OS VMM 56 Not affected v1 1Bounds Check Bypass Store 2018 3693 Software Recompilation 57 SpectreRSB 58 ret2spec 59 Return Mispredict 2018 15572 OS 60 ForeshadowL1 Terminal Fault L1TF 61 SGX 2018 3615 Not affected Microcode Not affected OS SMM 2018 3620 Microcode OS VMM VMM 2018 3646 Microarchitectural Data Sampling MDS 62 63 RIDL ZombieLoadFill Buffer MFBDS 2018 12130 Microcode OS Load Port MLPDS 2018 12127 Hardware Microcode OS VMM c Hardware a FalloutStore Buffer MSBDS 2018 12126 Hardware Microcode 64 65 Microcode OS VMM c Microcode OS VMM Hardware a RIDL Uncacheable Memory MDSUM 2019 11091 Same as the buffer having entries SWAPGS 66 67 68 2019 1125 OS RIDL Rogue In Flight Data Load ZombieLoad v2 69 70 TSX Asynchronous Abort TAA 71 72 2019 11135 Hardware d Microcode OS VMM Existing MDS mitigations Existing MDS mitigations TSX not supported b Microcode OS VMM a ZombieLoad CacheOutL1D Eviction Sampling L1DES 73 74 75 2020 0549 Not affected Microcode Microcode Not affected b Vector Register Sampling VRS 74 75 2020 0548 Microcode Not affected b Load Value Injection LVI 76 77 78 79 2020 0551 Software Recompilation mainly for Intel SGX CROSSTalk 80 Special Register Buffer Data Sampling SRBDS 81 2020 0543 Microcode e Microcode Not affected Branch History Injection BHI 82 and other forms of intra mode BTI 2022 0001 0002 Software Recompilation Not affected Not affected Software Recompilation a MMIO Stale Data 83 Shared Buffers Data Read SBDR Shared Buffers Data Sampling SBDS 2022 211232022 21125 Not affected f Microcode Software Recompilation Software Recompilation Not affected Microcode Software Recompilation g Device Register Partial Write DRPW 2022 21166 Microcode Existing MDS mitigations Branch Type Confusion BTC 84 Phantom 85 BTC NOBRBTC DIR 2022 23825 Not affected OS VMM BTC IND Existing Spectre v2 mitigations Retbleed 86 87 88 89 BTC RET 2022 29900 29901 Not affected OS VMM OS VMM OS VMM Software Recompilation Not affected a Cross Thread Return Address Predictions 25 24 2022 27672 Not affected OS VMM Zenbleed 90 Cross Process Information Leak 91 92 2023 20593 Not affected Microcode Inception 85 29 93 Speculative Return Stack Overflow SRSO 2023 20569 Not affected OS VMM Downfall 32 33 Gather Data Sampling GDS 31 2022 40982 Microcode Not affected The 8th generation Coffee Lake architecture in this table also applies to a wide range of previously released Intel CPUs not limited to the architectures based on Intel Core Pentium 4 and Intel Atom starting with Silvermont 94 95 Various CPU microarchitectures not included above are also affected among them are ARM IBM Power MIPS and others 96 97 98 99 Notes edit a b c d e f g h Whiskey Lake stepping C 48 Coffee Lake stepping D a b c d Comet Lake except U42 CPUID 806EC 48 a b Cascade Lake stepping 5 62 Ice Lake Xeon SP CPUID 606A 48 Comet Lake U42Amber Lake CPUID 806EC 48 Cascade Lake 48 Ice Lake Core family CPUID 706E5 48 References edit Kocher Paul Horn Jann Fogh Anders Genkin Daniel Gruss Daniel Spectre Attacks Exploiting Speculative Execution PDF Retrieved 2020 04 16 Cutress Ian AMD Issues Updated Speculative Spectre Security Status Predictive Store Forwarding www anandtech com Retrieved 2021 04 08 Benchmarking AMD Zen 3 With Predictive Store Forwarding Disabled Phoronix www phoronix com Retrieved 2021 04 08 Rage Against the Machine Clear VUSec Retrieved 2021 06 29 Speculative Processor Vulnerability Frequently asked questions Arm Developer Retrieved 2021 06 29 Transient Execution of Non canonical Accesses Musaev Saidgani Fetzer Christof 2021 Transient Execution of Non Canonical Accesses arXiv 2108 10771 cs CR Francisco Thomas Claburn in San Boffins find if you torture AMD Zen Zen 2 CPUs enough they are vulnerable to Meltdown like attack www theregister com Retrieved 2021 09 05 https developer amd com wp content resources 90343 D SoftwareTechniquesforManagingSpeculation WP 9 20Update R2 pdf bare URL PDF Lipp Moritz Gruss Daniel Schwarz Michael 2021 10 19 AMD Prefetch Attacks through Power and Time USENIX Security Symposium AMD Prefetch Attacks through Power and Time PDF Side channels Related to the x86 PREFETCH Instruction Branch History Injection VUSec Retrieved 2022 03 08 BHI The Newest Spectre Vulnerability Affecting Intel amp Arm CPUs www phoronix com Retrieved 2022 03 08 Ltd Arm Speculative Processor Vulnerability Spectre BHB Arm Developer Retrieved 2022 03 11 Linux Lands Mitigations For Spectre BHB BHI On Intel amp Arm Plus An AMD Change Too www phoronix com Retrieved 2022 03 08 grsecurity The AMD Branch Mis predictor Part 2 Where No CPU has Gone Before CVE 2021 26341 grsecurity net Retrieved 2022 03 11 AMD CPUs May Transiently Execute Beyond Unconditional Direct Branch oss security Xen Security Advisory 404 v2 CVE 2022 21123 CVE 2022 21125 CVE 2022 21166 x86 MMIO Stale Data vulnerabilities www openwall com Retrieved 2022 06 19 AMD Details SQUIP Side Channel Vulnerability For Zen s Execution Unit Scheduler www phoronix com Retrieved 2022 08 10 Execution Unit Scheduler Contention Side Channel Vulnerability on AMD Processors a b With AMD Zen 4 It s Surprisingly Not Worthwhile Disabling CPU Security Mitigations www phoronix com Retrieved 2022 10 07 a b Disabling Spectre V2 Mitigations Is What Can Impair AMD Ryzen 7000 Series Performance www phoronix com Retrieved 2022 10 07 a b FYI PATCH 0 3 Cross Thread Return Address Predictions vulnerability LWN net lwn net Retrieved 2023 02 14 a b Cross Thread Return Address Predictions AMD February 14 2022 Retrieved 2023 08 11 oss sec Xen Security Advisory 426 v1 CVE 2022 27672 x86 Cross Thread Return Address Predictions seclists org Retrieved 2023 02 15 Paul Alcorn 2023 07 24 AMD Zenbleed Bug Allows Data Theft From Zen 2 Processors Patches Coming Tom s Hardware Retrieved 2023 07 24 Cross Process Information Leak amd com 2023 07 24 Retrieved 2023 07 27 a b Return Address Security Bulletin amd com 2023 08 08 Retrieved 2023 08 08 New Inception attack leaks sensitive data from all AMD Zen CPUs BleepingComputer Retrieved 2023 08 09 a b Gather Data Sampling Intel Retrieved 2023 08 09 a b Downfall Downfall Attacks Retrieved 2023 08 09 a b Downfall and Zenbleed Googlers helping secure the ecosystem Google Online Security Blog Retrieved 2023 08 09 SLAM Spectre based on Linear Address Masking vusec Retrieved 2023 12 07 TLB Based Side Channel Attack Security Update developer arm com Retrieved 2023 12 07 oss sec SLAM Spectre based on Linear Address Masking seclists org Retrieved 2023 12 07 New SLAM attack steals sensitive data from AMD future Intel CPUs BleepingComputer Retrieved 2023 12 07 GhostRace vusec Retrieved 2024 03 12 Speculative Race Conditions SRCs amd com 2024 03 12 GhostRace Detailed Speculative Race Conditions Affecting All Major CPUs ISAs www phoronix com Retrieved 2024 03 12 oss sec Xen Security Advisory 453 v1 CVE 2024 2193 GhostRace Speculative Race Conditions seclists org Retrieved 2024 03 14 Register File Data Sampling Intel Retrieved 2024 03 15 The Performance Impact Of Intel s Register File Data Sampling www phoronix com Retrieved 2024 03 15 InSpectre Gadget vusec Retrieved 2024 04 14 oss security Xen Security Advisory 456 v2 CVE 2024 2201 x86 Native Branch History Injection www openwall com Retrieved 2024 04 14 2268118 CVE 2024 2201 CVE 2024 2201 hw cpu intel InSpectre Gadget a residual Attack Surface of Cross privilege Spectre v2 bugzilla redhat com Retrieved 2024 04 14 Branch History Injection and Intra mode Branch Target Injection Intel Retrieved 2024 04 14 a b c d e f g Affected Processors Transient Execution Attacks amp Related Security Issues by CPU Intel November 3 2023 Archived from the original on 2021 05 09 Retrieved 2024 03 12 AMD Product Security AMD August 10 2019 Retrieved 2019 08 10 Cutress Ian AMD Zen 2 Microarchitecture Analysis Ryzen 3000 and EPYC Rome www anandtech com Retrieved 2019 06 11 Cutress Dr Ian The Ice Lake Benchmark Preview Inside Intel s 10nm www anandtech com Retrieved 2019 08 01 Intel Core i9 9900K mit 8 Kernen und 5 GHz fur Gamer heise online in German October 8 2018 Retrieved 2018 10 09 https developer amd com wp content resources 90343 B SoftwareTechniquesforManagingSpeculation WP 7 18Update FNL pdf bare URL PDF Intel January 3 2018 Branch Target Injection Technical report Retrieved 2024 03 06 Two mitigation techniques have been developed indirect branch control mechanisms and a software approach called retpoline Intel May 21 2018 Speculative Store Bypass Technical report Retrieved 2024 03 06 To minimize performance impact we do not currently recommend setting SSBD for OSes VMMs INTEL SA 00145 Intel Bounds Check Bypass Store BCBS Vulnerability INTEL OSS 10002 Intel Spectre Returns Speculation Attacks using the Return Stack Buffer PDF www usenix org Retrieved 2019 08 17 Maisuradze Giorgi Rossow Christian 2018 ret2spec Speculative Execution Using Return Stack Buffers Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security pp 2109 2122 arXiv 1807 10364 Bibcode 2018arXiv180710364M doi 10 1145 3243734 3243761 ISBN 9781450356930 S2CID 51804116 Kernel Git Torvalds Linux git Linux kernel source tree Processors Affected L1 Terminal Fault Intel August 14 2018 Retrieved 2024 03 06 processors that have the RDCL NO bit set to one 1 are not susceptible to the L1TF a b Processors Affected Microarchitectural Data Sampling Intel May 14 2019 Retrieved 2024 03 07 MFBDS is mitigated if either the RDCL NO or MDS NO bit are set All processors affected by MSBDS MFBDS or MLPDS are also affected by MDSUM for the relevant buffers Intel March 11 2021 Disclosed May 14 2019 Microarchitectural Data Sampling Technical report Retrieved 2024 03 07 VMMs that already mitigate L1TF may not need further changes a VERW may be needed to overwrite the store buffers Moghimi Daniel July 14 2020 Data Sampling on MDS resistant 10th Generation Intel Core Ice Lake GitHub Technical report Worcester Polytechnic Institute Retrieved 2020 07 15 Intel July 14 2020 Microarchitectural Data Sampling Advisory Press release Retrieved 2020 07 15 Intel Core Processor Family Ice Lake Bitdefender SWAPGS Attack Mitigation Solutions www bitdefender com Retrieved 2019 08 07 Documentation admin guide hw vuln spectre rst chromiumos third party kernel Git at Google chromium googlesource com Archived from the original on 2019 08 07 Retrieved 2019 08 07 Winder Davey August 6 2019 Microsoft Confirms New Windows CPU Attack Vulnerability Advises All Users To Update Now Forbes Retrieved 2019 08 07 at 18 02 Shaun Nichols in San Francisco 12 Nov 2019 True to its name Intel CPU flaw ZombieLoad comes shuffling back with new variant www theregister co uk Retrieved 2019 11 12 a href Template Cite web html title Template Cite web cite web a CS1 maint numeric names authors list link Cimpanu Catalin Intel s Cascade Lake CPUs impacted by new Zombieload v2 attack ZDNet Retrieved 2019 11 12 Cyberus Technology TSX Asynchronous Abort www cyberus technology de Retrieved 2019 11 12 Intel November 12 2019 Intel TSX Asynchronous Abort Technical report Retrieved 2024 03 12 TAA can be mitigated by either applying the MDS software mitigations or by selectively disabling Intel TSX CacheOut cacheoutattack com Retrieved 2020 01 29 a b MDS Attacks Microarchitectural Data Sampling mdsattacks com Retrieved 2020 01 27 a b IPAS INTEL SA 00329 Technology Intel January 27 2020 Retrieved 2020 01 28 LVI Hijacking Transient Execution with Load Value Injection lviattack eu Retrieved 2020 03 10 INTEL SA 00334 Intel Retrieved 2020 03 10 Deep Dive Load Value Injection software intel com Retrieved 2020 03 10 at 17 00 Thomas Claburn in San Francisco 10 Mar 2020 You only LVI twice Meltdown The Sequel strikes Intel chips and full mitigation against data meddling flaw will cost you 50 of performance www theregister co uk Retrieved 2020 03 10 a href Template Cite web html title Template Cite web cite web a CS1 maint numeric names authors list link CROSSTalk VUSec Retrieved 2020 06 09 Intel June 14 2022 Disclosed June 9 2020 Special Register Buffer Data Sampling Technical report Retrieved 2024 03 21 systems that have loaded the microcode are fully mitigated by default Intel March 11 2022 Disclosed March 8 2022 Branch History Injection and Intra mode Branch Target Injection Technical report Retrieved 2024 03 22 potential BHI attacks can be mitigated by adding LFENCE to specific identified gadgets Intel June 14 2022 Processor MMIO Stale Data Vulnerabilities Technical report Retrieved 2024 04 17 For processors where MD CLEAR may not overwrite fill buffer values Intel has released microcode updates so that VERW does overwrite fill buffer values To mitigate this the OS VMM or driver that reads the secret data can reduce the window in which that data remains vulnerable by performing an additional read of some non secret data AMD July 12 2022 AMD CPU Branch Type Confusion Press release Retrieved 2024 03 25 a b Inception how a simple XOR can cause a Microarchitectural Stack Overflow Computer Security Group Retrieved 2023 09 15 Retbleed Arbitrary Speculative Code Execution with Return Instructions Computer Security Group Retrieved 2022 07 12 INTEL SA 00702 Intel Retrieved 2022 07 13 AMD Intel chips vulnerable to Retbleed Spectre variant www theregister com Retrieved 2022 07 12 Goodin Dan July 12 2022 New working speculative execution attack sends Intel and AMD scrambling Ars Technica Retrieved 2022 07 12 security research pocs cpus zenbleed at master google security research GitHub Retrieved 2023 07 27 AMD Information Leak in Zen 2 GitHub Retrieved 2023 07 27 Cross Process Information Leak AMD Retrieved 2023 07 27 oss security Xen Security Advisory 434 v1 CVE 2023 20569 x86 AMD Speculative Return Stack Overflow www openwall com Retrieved 2023 09 15 INTEL SA 00088 Intel Retrieved 2018 09 01 INTEL SA 00115 Intel Retrieved 2018 09 01 Meltdown and Spectre Status Page wiki netbsd org Retrieved 2019 09 29 Ltd Arm Speculative Processor Vulnerability Cache Speculation Issues Update ARM Developer Retrieved 2019 09 29 About speculative execution vulnerabilities in ARM based and Intel CPUs Apple Support May 31 2018 Retrieved 2019 09 29 Potential Impact on Processors in the POWER Family IBM PSIRT Blog May 14 2019 Retrieved 2019 09 29 External links editLinux kernel Hardware vulnerabilities spectre meltdown checker on GitHub Vulnerabilities associated with CPU speculative execution A systematic evaluation of transient execution attacks and defenses A dynamic tree of transient execution vulnerabilities for Intel AMD and ARM CPUs Transient Execution Attacks by Daniel Gruss June 20 2019 CPU Bugs Intel Refined Speculative Execution Terminology Retrieved from https en wikipedia org w index php title Transient execution CPU vulnerability amp oldid 1223110458, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.