CWE-1422
Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
A processor event or prediction may allow incorrect or stale data to be forwarded to transient operations, potentially exposing data over a covert channel.
Mitigation
Phase: Architecture and Design
Description:
- The hardware designer can attempt to prevent transient execution from causing observable discrepancies in specific covert channels.
Mitigation
Phase: Requirements
Description:
- Processor designers, system software vendors, or other agents may choose to restrict the ability of unprivileged software to access high-resolution timers that are commonly used to monitor covert channels.
Mitigation
Phase: Requirements
Description:
- Processor designers may expose instructions or other architectural features that allow software to mitigate the effects of transient execution, but without disabling predictors. These features may also help to limit opportunities for data exposure.
Mitigation
Phase: Requirements
Description:
- Processor designers may expose registers (for example, control registers or model-specific registers) that allow privileged and/or user software to disable specific predictors or other hardware features that can cause confidential data to be exposed during transient execution.
Mitigation
Phase: Build and Compilation
Description:
- Use software techniques (including the use of serialization instructions) that are intended to reduce the number of instructions that can be executed transiently after a processor event or misprediction.
Mitigation
Phase: Build and Compilation
Description:
- Isolate sandboxes or managed runtimes in separate address spaces (separate processes).
Mitigation
Phase: Build and Compilation
Description:
- Include serialization instructions (for example, LFENCE) that prevent processor events or mis-predictions prior to the serialization instruction from causing transient execution after the serialization instruction. For some weaknesses, a serialization instruction can also prevent a processor event or a mis-prediction from occurring after the serialization instruction (for example, CVE-2018-3639 can allow a processor to predict that a load will not depend on an older store; a serialization instruction between the store and the load may allow the store to update memory and prevent the mis-prediction from happening at all).
Mitigation
Phase: Build and Compilation
Description:
- Use software techniques that can mitigate the consequences of transient execution. For example, address masking can be used in some circumstances to prevent out-of-bounds transient reads.
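The index-masking form of this technique, as an added example that is not part of the CWE entry: the index is clamped with branch-free arithmetic after the architectural bounds check, so a load that executes transiently past a mispredicted check still stays inside the array. The names `index_mask`, `clamp_index`, `table_read` and the table contents are assumptions made for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16u

/* Constructed sample data for this example. */
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Hypothetical helper: all-ones when index < size, zero otherwise.
 * Computed with arithmetic only, so the result does not depend on a
 * branch prediction. Requires size <= SIZE_MAX / 2. */
static size_t index_mask(size_t index, size_t size)
{
    /* Top bit is set exactly when index >= size (size - 1 - index wraps). */
    size_t oob = (index | (size - 1 - index)) >> (sizeof(size_t) * CHAR_BIT - 1);
    size_t mask = oob - 1;            /* oob == 0 -> ~0, oob == 1 -> 0 */
#if defined(__GNUC__)
    /* Hide the value from the optimizer so it cannot be folded back
     * into the bounds-check branch. */
    __asm__ volatile("" : "+r"(mask));
#endif
    return mask;
}

/* Hypothetical helper: index unchanged in bounds, forced to 0 otherwise. */
static size_t clamp_index(size_t index, size_t size)
{
    return index & index_mask(index, size);
}

/* Architectural bounds check plus masking: if the branch is mispredicted,
 * the transient load still uses an index inside the table. */
static uint8_t table_read(size_t untrusted_index)
{
    if (untrusted_index >= TABLE_LEN)
        return 0;
    return table[clamp_index(untrusted_index, TABLE_LEN)];
}

int main(void)
{
    printf("%u %u\n", (unsigned)table_read(3), (unsigned)table_read(100));
    return 0;
}
```

Masking only constrains which address a transient load can reach; it does not by itself address stale data forwarded to a load at an in-bounds address, which is why the entry lists it as applicable in some circumstances.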
Mitigation
Phase: Build and Compilation
Description:
- If the weakness is exposed by a single instruction (or a small set of instructions), then the compiler (or JIT, etc.) can be configured to prevent the affected instruction(s) from being generated, and instead generate an alternate sequence of instructions that is not affected by the weakness.
Mitigation
Phase: Documentation
Description:
- If a hardware feature can allow incorrect or stale data to be forwarded to transient operations, the hardware designer may opt to disclose this behavior in architecture documentation. This documentation can inform users about potential consequences and effective mitigations.
No CAPEC attack patterns related to this CWE.