CWE-1420: Exposure of Sensitive Information during Transient Execution

Base Incomplete Simple

CWE Version: 4.18

Date Updated: 2025-09-09

Weakness Description

A processor event or prediction may allow incorrect operations (or correct operations with incorrect data) to execute transiently, potentially exposing data over a covert channel.

Common Consequences

Scope: Confidentiality

Technical Impact: Read Memory

Potential Mitigations

Phase: Architecture and Design

Description: The hardware designer can attempt to prevent transient execution from causing observable discrepancies in specific covert channels.

Effectiveness: Limited

Phase: Requirements

Effectiveness: Moderate

Phase: Requirements

Effectiveness: Limited

Phase: Requirements

Effectiveness: Defense in Depth

Phase: Build and Compilation

Effectiveness: High

Phase: Build and Compilation

Effectiveness: Moderate

Phase: Build and Compilation

Effectiveness: Moderate

Phase: Build and Compilation

Effectiveness: Limited

Phase: Build and Compilation

Effectiveness: Limited

Phase: Build and Compilation

Effectiveness: Incidental

Phase: Documentation

Effectiveness: High

Detection Methods

Method: Manual Analysis

Effectiveness: Moderate

Method: Fuzzing

Effectiveness: Opportunistic

Method: Fuzzing

Effectiveness: Opportunistic

Method: Automated Static Analysis

Effectiveness: Limited

Method: Automated Analysis

Effectiveness: High

Observed Examples

Reference: CVE-2017-5753

Microarchitectural conditional branch predictors may allow operations to execute transiently after a misprediction, potentially exposing data over a covert channel.

Reference: CVE-2021-0089

A machine clear triggered by self-modifying code may allow incorrect operations to execute transiently, potentially exposing data over a covert channel.

Reference: CVE-2022-0002

Microarchitectural indirect branch predictors may allow incorrect operations to execute transiently after a misprediction, potentially exposing data over a covert channel.

Modes of Introduction

Phase: Architecture and Design

Note: This weakness can be introduced when a computing unit (such as a CPU, GPU, accelerator, or any other processor) uses out-of-order execution, speculation, or any other microarchitectural feature that can allow microarchitectural operations to execute without committing to architectural state.

Phase: Implementation

Note: This weakness can be introduced when sandboxes or managed runtimes are not properly isolated by using hardware-enforced boundaries. Developers of sandbox or managed runtime software should exercise caution when relying on software techniques (such as bounds checking) to prevent code in one sandbox from accessing confidential data in another sandbox. For example, an attacker sandbox may be able to trigger a processor event or mis-prediction in a manner that allows it to transiently read a victim sandbox's private data.

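Applicable Platforms

Programming Languages: Not Language-Specific (Undetermined)

Operating Systems: Not OS-Specific (Undetermined)

Technologies: Not Technology-Specific (Undetermined)

Key Information

CWE ID: CWE-1420

Abstraction: Base

Structure: Simple

Status: Incomplete

Related Weaknesses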