CWE-1422: Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
A processor event or prediction may allow incorrect or stale data to be forwarded to transient operations, potentially exposing data over a covert channel.
常见后果
影响范围: Confidentiality
技术影响: Read Memory
潜在缓解措施
阶段: Architecture and Design
有效性: Limited
阶段: Requirements
有效性: Defense in Depth
阶段: Requirements
有效性: Moderate
阶段: Requirements
有效性: Limited
阶段: Build and Compilation
有效性: Incidental
阶段: Build and Compilation
有效性: High
阶段: Build and Compilation
有效性: Moderate
阶段: Build and Compilation
有效性: Limited
阶段: Build and Compilation
有效性: Limited
阶段: Documentation
有效性: High
检测方法
方法: Automated Static Analysis
有效性: Moderate
方法: Manual Analysis
有效性: Moderate
方法: Automated Analysis
有效性: High
观察示例
参考: CVE-2020-0551
A fault, microcode assist, or abort may allow transient load operations to forward malicious stale data to dependent operations executed by a victim, causing the victim to unintentionally access and potentially expose its own data over a covert channel.
参考: CVE-2020-8698
A fast store forwarding predictor may allow store operations to forward incorrect data to transient load operations, potentially exposing data over a covert channel.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |