CWE-1342: Information Exposure through Microarchitectural State after Transient Execution

Base Incomplete Simple

CWE Version: 4.18

Updated: 2025-09-09

Weakness Description

The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.

Common Consequences

Scope: Confidentiality, Integrity

Technical Impact: Modify Memory, Read Memory, Execute Unauthorized Code or Commands

Potential Mitigations

Phase: Architecture and Design, Requirements

Description: Hardware ensures that no illegal data flows from faulting micro-ops exist at the microarchitectural level.

Effectiveness: High

Phase: Build and Compilation

Description: Include instructions that explicitly remove traces of unneeded computations from software interactions with microarchitectural elements, e.g., lfence, sfence, mfence, clflush.

Effectiveness: High

Observed Examples

Reference: CVE-2020-0551

Load value injection in some processors utilizing speculative execution may allow an authenticated user to enable information disclosure via a side-channel with local access.

Modes of Introduction

Phase Note
Architecture and Design -
Requirements -

Applicable Platforms

Programming Languages
Not Language-Specific (Undetermined)
Operating Systems
Not OS-Specific (Undetermined)
Technologies
Not Technology-Specific (Undetermined), System on Chip (Undetermined)
Key Information

CWE ID: CWE-1342

Abstraction: Base

Structure: Simple

Status: Incomplete

Related Weaknesses
Related Attack Patterns
CAPEC-696