CWE-1303: Non-Transparent Sharing of Microarchitectural Resources
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.
常见后果
影响范围: Confidentiality
技术影响: Read Application Data Read Memory
说明: Microarchitectural side-channels have been used to leak specific information such as cryptographic keys, and Address Space Layout Randomization (ALSR) offsets as well as arbitrary memory.
潜在缓解措施
阶段: Architecture and Design
描述: Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling high resolution performance counters and timers.
阶段: Requirements
描述: Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling high resolution performance counters and timers.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases. |
| Implementation | Such issues could be introduced during implementation and identified later during Testing or System Configuration phases. |