CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
Shared microarchitectural predictor state may allow code to influence transient execution across a hardware boundary, potentially exposing data that is accessible beyond the boundary over a covert channel.
Common Consequences
Scope: Confidentiality
Technical Impact: Read Memory
Potential Mitigations
Phase: Architecture and Design
Phase: Architecture and Design
Effectiveness: Moderate
Phase: Architecture and Design
Effectiveness: Moderate
Phase: Implementation
Effectiveness: Moderate
Phase: Build and Compilation
Effectiveness: Limited
Phase: Build and Compilation
Effectiveness: Moderate
Phase: Build and Compilation
Effectiveness: Incidental
Phase: System Configuration
Effectiveness: Moderate
Phase: Patching and Maintenance
Effectiveness: Moderate
Phase: Documentation
Effectiveness: High
Phase: Requirements
Detection Methods
Method: Manual Analysis
Effectiveness: Moderate
Method: Automated Analysis
Effectiveness: High
Method: Automated Analysis
Effectiveness: Moderate
Observed Examples
Reference: CVE-2017-5754
(Branch Target Injection, BTI, Spectre v2). Shared microarchitectural indirect branch predictor state may allow code to influence transient execution across a process, VM, or privilege boundary, potentially exposing data that is accessible beyond the boundary.
Reference: CVE-2022-0001
(Branch History Injection, BHI, Spectre-BHB). Shared branch history state may allow user-mode code to influence transient execution in the kernel, potentially exposing kernel data over a covert channel.
Reference: CVE-2021-33149
(RSB underflow, Retbleed). Shared return stack buffer state may allow code that executes before a prediction barrier to influence transient execution after the prediction barrier, potentially exposing data that is accessible beyond the barrier over a covert channel.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | - |
| System Configuration | - |