CWE-1423
Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
Shared microarchitectural predictor state may allow code to influence transient execution across a hardware boundary, potentially exposing data that is accessible beyond the boundary over a covert channel.
CVE-2024-10929 (GCVE-0-2024-10929)
Vulnerability from cvelistv5
Published
2025-01-22 16:05
Modified
2025-07-22 10:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1423 - Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
Summary
In certain circumstances, an issue in Arm Cortex-A57, Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
► | Arm | Cortex-A72 |
Version: 0 < r1p0 |
||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-10929", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T17:40:01.738399Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-03T14:17:35.216Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cortex-A72", "vendor": "Arm", "versions": [ { "lessThan": "r1p0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Cortex-A73", "vendor": "Arm", "versions": [ { "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Cortex-A75", "vendor": "Arm", "versions": [ { "status": "affected", "version": "0" } ] }, { "defaultStatus": "unaffected", "product": "Cortex-A57", "vendor": "Arm", "versions": [ { "status": "affected", "version": "0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn certain circumstances, an issue in Arm Cortex-A57,\u0026nbsp;Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim\u0027s branch history.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e" } ], "value": "In certain circumstances, an issue in Arm Cortex-A57,\u00a0Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim\u0027s branch history." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1423", "description": "CWE-1423 Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-22T10:52:46.725Z", "orgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "shortName": "Arm" }, "references": [ { "url": "https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE" } ], "source": { "discovery": "UNKNOWN" }, "title": "Spectre-BSE", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "assignerShortName": "Arm", "cveId": "CVE-2024-10929", "datePublished": "2025-01-22T16:05:35.528Z", "dateReserved": "2024-11-06T16:41:11.814Z", "dateUpdated": "2025-07-22T10:52:46.725Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-43420 (GCVE-0-2024-43420)
Vulnerability from cvelistv5
Published
2025-05-13 21:03
Modified
2025-05-14 14:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
- CWE-1423 - Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
Summary
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel Atom(R) processors |
Version: See references |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-43420", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-14T13:59:10.424631Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-14T14:01:31.886Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel Atom(R) processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.7, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en" }, { "cweId": "CWE-1423", "description": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-13T21:03:09.384Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html", "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-43420", "datePublished": "2025-05-13T21:03:09.384Z", "dateReserved": "2024-09-19T03:00:23.071Z", "dateUpdated": "2025-05-14T14:01:31.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45332 (GCVE-0-2024-45332)
Vulnerability from cvelistv5
Published
2025-05-13 21:03
Modified
2025-05-14 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
- CWE-1423 - Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
Summary
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Processors |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-05-14T13:53:21.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2025/05/13/7" }, { "url": "https://comsec.ethz.ch/research/microarch/branch-privilege-injection/" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-45332", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-14T13:56:46.683867Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-14T13:57:24.912Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.7, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en" }, { "cweId": "CWE-1423", "description": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-13T21:03:12.207Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html", "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-45332", "datePublished": "2025-05-13T21:03:12.207Z", "dateReserved": "2024-09-19T03:00:23.104Z", "dateUpdated": "2025-05-14T13:57:24.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-20623 (GCVE-0-2025-20623)
Vulnerability from cvelistv5
Published
2025-05-13 21:02
Modified
2025-05-14 15:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
- CWE-1423 - Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
Summary
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Core™ processors (10th Generation) |
Version: See references |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-20623", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-14T15:10:08.956006Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-14T15:10:55.376Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Core\u2122 processors (10th Generation)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core\u2122 processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.7, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en" }, { "cweId": "CWE-1423", "description": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-13T21:02:26.040Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html", "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2025-20623", "datePublished": "2025-05-13T21:02:26.040Z", "dateReserved": "2025-01-06T23:39:39.905Z", "dateUpdated": "2025-05-14T15:10:55.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-23269 (GCVE-0-2025-23269)
Vulnerability from cvelistv5
Published
2025-07-17 20:14
Modified
2025-07-17 20:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1423 - Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
Summary
NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability may lead to information disclosure.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
NVIDIA | Jetson Orin and Xavier Devices |
Version: NVIDIA Jetson Orin Series All versions prior to JP5.x: 35.6.2 Version: NVIDIA Jetson Orin Series All versions prior to JP6.x: 36.4.4 Version: NVIDIA Xavier Series All versions prior to JP5.x: 35.6.2 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-23269", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-17T20:28:36.979958Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-17T20:28:55.762Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Jetson Linux" ], "product": "Jetson Orin and Xavier Devices", "vendor": "NVIDIA", "versions": [ { "status": "affected", "version": "NVIDIA Jetson Orin Series All versions prior to JP5.x: 35.6.2" }, { "status": "affected", "version": "NVIDIA Jetson Orin Series All versions prior to JP6.x: 36.4.4" }, { "status": "affected", "version": "NVIDIA Xavier Series All versions prior to JP5.x: 35.6.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability may lead to information disclosure." } ], "value": "NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability may lead to information disclosure." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Information disclosure" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1423", "description": "CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-17T20:14:21.557Z", "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia" }, "references": [ { "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5662" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "cveId": "CVE-2025-23269", "datePublished": "2025-07-17T20:14:21.557Z", "dateReserved": "2025-01-14T01:06:23.292Z", "dateUpdated": "2025-07-17T20:28:55.762Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Architecture and Design
Description:
- The hardware designer can attempt to prevent transient execution from causing observable discrepancies in specific covert channels.
Mitigation
Phase: Architecture and Design
Description:
- Hardware designers may choose to use microarchitectural bits to tag predictor entries. For example, each predictor entry may be tagged with a kernel-mode bit which, when set, indicates that the predictor entry was created in kernel mode. The processor can use this bit to enforce that predictions in the current mode must have been trained in the current mode. This can prevent malicious cross-mode training, such as when user-mode software attempts to create predictor entries that influence transient execution in the kernel. Predictor entry tags can also be used to associate each predictor entry with the SMT thread that created it, and thus the processor can enforce that each predictor entry can only be used by the SMT thread that created it. This can prevent an SMT thread from using predictor entries crafted by a malicious sibling SMT thread.
Mitigation
Phase: Architecture and Design
Description:
- Hardware designers may choose to sanitize microarchitectural predictor state (for example, branch prediction history) when the processor transitions to a different context, for example, whenever a system call is invoked. Alternatively, the hardware may expose instruction(s) that allow software to sanitize predictor state according to the user's threat model. For example, this can allow operating system software to sanitize predictor state when performing a context switch from one process to another.
Mitigation
Phase: Implementation
Description:
- System software can mitigate this weakness by invoking predictor-state-sanitizing operations (for example, the indirect branch prediction barrier on Intel x86) when switching from one context to another, according to the hardware vendor's recommendations.
Mitigation
Phase: Build and Compilation
Description:
- If the weakness is exposed by a single instruction (or a small set of instructions), then the compiler (or JIT, etc.) can be configured to prevent the affected instruction(s) from being generated. One prominent example of this mitigation is retpoline ([REF-1414]).
Mitigation
Phase: Build and Compilation
Description:
- Use control-flow integrity (CFI) techniques to constrain the behavior of instructions that redirect the instruction pointer, such as indirect branch instructions.
Mitigation
Phase: Build and Compilation
Description:
- Use software techniques (including the use of serialization instructions) that are intended to reduce the number of instructions that can be executed transiently after a processor event or misprediction.
Mitigation
Phase: System Configuration
Description:
- Some systems may allow the user to disable predictor sharing. For example, this could be a BIOS configuration, or a model-specific register (MSR) that can be configured by the operating system or virtual machine monitor.
Mitigation
Phase: Patching and Maintenance
Description:
- The hardware vendor may provide a patch to, for example, sanitize predictor state when the processor transitions to a different context, or to prevent predictor entries from being shared across SMT threads. A patch may also introduce new ISA that allows software to toggle a mitigation.
Mitigation
Phase: Documentation
Description:
- If a hardware feature can allow microarchitectural predictor state to be shared between contexts, SMT threads, or other architecturally defined boundaries, the hardware designer may opt to disclose this behavior in architecture documentation. This documentation can inform users about potential consequences and effective mitigations.
Mitigation
Phase: Requirements
Description:
- Processor designers, system software vendors, or other agents may choose to restrict the ability of unprivileged software to access to high-resolution timers that are commonly used to monitor covert channels.
No CAPEC attack patterns related to this CWE.