CWE-1421: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution
CWE version: 4.18
Last updated: 2025-09-09
Weakness description
A processor event may allow transient operations to access architecturally restricted data (for example, in another address space) in a shared microarchitectural structure (for example, a CPU cache), potentially exposing the data over a covert channel.
Common consequences
Scope: Confidentiality
Technical impact: Read Memory
Potential mitigations
Phase: Architecture and Design
Effectiveness: High
Phase: Architecture and Design
Effectiveness: Moderate
Phase: Architecture and Design
Effectiveness: Moderate
Phase: Architecture and Design
Effectiveness: Limited
Phase: Architecture and Design
Effectiveness: Limited
Phase: Build and Compilation
Effectiveness: Limited
Phase: Build and Compilation
Effectiveness: Incidental
Phase: Implementation
Effectiveness: Limited
Phase: System Configuration
Effectiveness: Limited
Phase: System Configuration
Effectiveness: Limited
Phase: Patching and Maintenance
Effectiveness: Moderate
Phase: Patching and Maintenance
Effectiveness: Limited
Phase: Requirements
Effectiveness: Defense in Depth
Detection methods
Method: Manual Analysis
Effectiveness: Moderate
Method: Automated Analysis
Effectiveness: Moderate
Method: Automated Analysis
Effectiveness: High
Method: Fuzzing
Academic researchers have demonstrated that this weakness can be detected in hardware using software fuzzing tools that treat the underlying hardware as a black box ([REF-1406], [REF-1430]).
Effectiveness: Opportunistic
Observed examples
Reference: CVE-2017-5715
A fault may allow transient user-mode operations to access kernel data cached in the L1D, potentially exposing the data over a covert channel.
Reference: CVE-2018-3615
A fault may allow transient non-enclave operations to access SGX enclave data cached in the L1D, potentially exposing the data over a covert channel.
Reference: CVE-2019-1135
A TSX Asynchronous Abort may allow transient operations to access architecturally restricted data, potentially exposing the data over a covert channel.
Modes of introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | - |
| System Configuration | - |
| Architecture and Design | - |