Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The archetype is Spectre, and transient execution attacks like Spectre belong to the cache-attack category, one of several categories of side-channel attacks. Since January 2018 many different cache-attack vulnerabilities have been identified.
Modern computers are highly parallel devices, composed of components with very different performance characteristics. If an operation (such as a branch) cannot yet be performed because some earlier slow operation (such as a memory read) has not yet completed, a microprocessor may attempt to predict the result of the earlier operation and execute the later operation speculatively, acting as if the prediction was correct. The prediction may be based on recent behavior of the system. When the earlier, slower operation completes, the microprocessor determines whether prediction was correct or incorrect. If it was correct then execution proceeds uninterrupted; if it was incorrect then the microprocessor rolls back the speculatively executed operations and repeats the original instruction with the real result of the slow operation. Specifically, a transient instruction [1] refers to an instruction processed by error by the processor (incriminating the branch predictor in the case of Spectre) which can affect the micro-architectural state of the processor, leaving the architectural state without any trace of its execution.
In terms of the directly visible behavior of the computer it is as if the speculatively executed code "never happened". However, this speculative execution may affect the state of certain components of the microprocessor, such as the cache, and this effect may be discovered by careful monitoring of the timing of subsequent operations.
If an attacker can arrange that the speculatively executed code (which may be directly written by the attacker, or may be a suitable gadget that they have found in the targeted system) operates on secret data that they are unauthorized to access, and has a different effect on the cache for different values of the secret data, they may be able to discover the value of the secret data.
Starting in 2017, multiple examples of such vulnerabilities were identified, with publication starting in early 2018.
In March 2021 AMD security researchers discovered that the Predictive Store Forwarding algorithm in Zen 3 CPUs could be used by malicious applications to access data it shouldn't be accessing. [2] According to Phoronix there's little performance impact in disabling the feature. [3]
In June 2021, two new vulnerabilities, Speculative Code Store Bypass (SCSB, CVE-2021-0086) and Floating Point Value Injection (FPVI, CVE-2021-0089), affecting all modern x86-64 CPUs both from Intel and AMD were discovered. [4] In order to mitigate them software has to be rewritten and recompiled. ARM CPUs are not affected by SCSB but some certain ARM architectures are affected by FPVI. [5]
In August 2021 a vulnerability called "Transient Execution of Non-canonical Accesses" affecting certain AMD CPUs was disclosed. [6] [7] [8] It requires the same mitigations as the MDS vulnerability affecting certain Intel CPUs. [9] It was assigned CVE-2020-12965. Since most x86 software is already patched against MDS and this vulnerability has the exact same mitigations, software vendors don't have to address this vulnerability.
In October 2021 for the first time ever a vulnerability similar to Meltdown was disclosed [10] [11] to be affecting all AMD CPUs however the company doesn't think any new mitigations have to be applied and the existing ones are already sufficient. [12]
In March 2022, a new variant of the Spectre vulnerability called Branch History Injection was disclosed. [13] [14] It affects certain ARM64 CPUs [15] and the following Intel CPU families: Cascade Lake, Ice Lake, Tiger Lake and Alder Lake. According to Linux kernel developers AMD CPUs are also affected. [16]
In March 2022, a vulnerability affecting a wide range of AMD CPUs was disclosed under CVE-2021-26341. [17] [18]
In June 2022, multiple MMIO Intel CPUs vulnerabilities related to execution in virtual environments were announced. [19] The following CVEs were designated: CVE-2022-21123, CVE-2022-21125, CVE-2022-21166.
In July 2022, the Retbleed vulnerability was disclosed affecting Intel Core 6 to 8th generation CPUs and AMD Zen 1, 1+ and 2 generation CPUs. Newer Intel microarchitectures as well as AMD starting with Zen 3 are not affected. The mitigations for the vulnerability decrease the performance of the affected Intel CPUs by up to 39%, while AMD CPUs lose up to 14%.
In August 2022, the SQUIP vulnerability was disclosed affecting Ryzen 2000–5000 series CPUs. [20] According to AMD the existing mitigations are enough to protect from it. [21]
According to a Phoronix review released in October, 2022 Zen 4/ Ryzen 7000 CPUs are not slowed down by mitigations, in fact disabling them leads to a performance loss. [22] [23]
In February 2023 a vulnerability affecting a wide range of AMD CPU architectures called "Cross-Thread Return Address Predictions" was disclosed. [24] [25] [26]
In July 2023 a critical vulnerability in the Zen 2 AMD microarchitecture called Zenbleed was made public. [27] [1] AMD released a microcode update to fix it. [28]
In August 2023 a vulnerability in AMD's Zen 1, Zen 2, Zen 3, and Zen 4 microarchitectures called Inception [29] [30] was revealed and assigned CVE-2023-20569. According to AMD it is not practical but the company will release a microcode update for the affected products.
Also in August 2023 a new vulnerability called Downfall or Gather Data Sampling was disclosed, [31] [32] [33] affecting Intel CPU Skylake, Cascade Lake, Cooper Lake, Ice Lake, Tiger Lake, Amber Lake, Kaby Lake, Coffee Lake, Whiskey Lake, Comet Lake & Rocket Lake CPU families. Intel will release a microcode update for affected products.
The SLAM [34] [35] [36] [37] vulnerability (Spectre based on Linear Address Masking) reported in 2023 neither has received a corresponding CVE, nor has been confirmed or mitigated against.
In March 2024, a variant of Spectre-V1 attack called GhostRace was published. [38] It was claimed it affected all the major microarchitectures and vendors, including Intel, AMD and ARM. It was assigned CVE-2024-2193. AMD dismissed the vulnerability (calling it "Speculative Race Conditions (SRCs)") claiming that existing mitigations were enough. [39] Linux kernel developers chose not to add mitigations citing performance concerns. [40] The Xen hypervisor project released patches to mitigate the vulnerability but it's not enabled by default. [41]
Also in March 2024, a vulnerability in Intel Atom processors called Register File Data Sampling (RFDS) was revealed. [42] It was assigned CVE-2023-28746. Its mitigations incur a slight performance degradation. [43]
In April 2024, it was revealed that the BHI vulnerability in certain Intel CPU families could be still exploited in Linux entirely in user space without using any kernel features or root access despite existing mitigations. [44] [45] [46] Intel recommended "additional software hardening". [47] The attack was assigned a new CVE-2024-2201.
Spectre class vulnerabilities will remain unfixed because otherwise CPU designers will have to disable speculative execution which will entail a massive performance loss.[ citation needed] Despite this, AMD has managed to design Zen 4 such a way its performance is not affected by mitigations. [22] [23]
Mitigation Type | Comprehensiveness | Effectiveness | Performance Impact |
---|---|---|---|
Hardware | Full | Full | None…Small |
Microcode | Partial…Full | Partial…Full | None…Large |
OS/VMM | Partial | Partial…Full | Small…Large |
Software Recompilation | Poor | Partial…Full | Medium…Large |
Hardware mitigations require changes to the CPU design and thus a new iteration of hardware, but impose close to zero performance loss.
Microcode updates alter the software that the CPU runs on which requires patches to be released for each affected CPU and integrated into every
BIOS / operating system.
OS/VMM mitigations are applied at the operating system or virtual machine level and (depending on workload) often incur quite a significant performance loss.
Software recompilation requires recompiling lots of pieces of software and usually incurs a severe performance hit.
Vulnerability Name(s)/Subname Official Name/Subname |
CVE | Affected CPU architectures and mitigations | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
Intel [48] | AMD [49] | |||||||||
10th gen | 9th gen | 8th gen* | Zen / Zen+ | Zen 2 [50] | ||||||
Ice Lake [51] |
Cascade/
Comet/ Amber Lake |
Coffee Lake [52] | Whiskey Lake |
Coffee Lake, Amber Lake | ||||||
Spectre | v1 Bounds Check Bypass |
2017-5753 | Software Recompilation [53] | |||||||
v2 Branch Target Injection [54] |
2017-5715 | Hardware + OS/VMM / Software Recompilation |
Microcode + … | Microcode + OS/VMM / Software Recompilation |
Hardware + OS/VMM / Software Recompilation | |||||
Hardware + … [a] | ||||||||||
Meltdown / v3 Rogue Data Cache Load |
2017-5754 | Hardware | OS | Not affected | ||||||
Spectre-NG | v3a Rogue System Register Read |
2018-3640 | Hardware | Hardware | Microcode | Microcode | Microcode | |||
Microcode [b] | Hardware [a] | |||||||||
v4 Speculative Store Bypass [55] |
2018-3639 | [Hardware + OS / ] Software Recompilation |
… | [Microcode + OS / ] Software Recompilation |
OS/VMM | Hardware + OS/VMM | ||||
… [a] | ||||||||||
Lazy FP State Restore | 2018-3665 | OS/VMM [56] | Not affected | |||||||
v1.1 Bounds Check Bypass Store |
2018-3693 | Software Recompilation [57] | ||||||||
SpectreRSB
[58]/ret2spec
[59] Return Mispredict |
2018-15572 | OS [60] | ||||||||
Foreshadow L1 Terminal Fault (L1TF) [61] |
SGX | 2018-3615 | Not affected | Microcode | Not affected | |||||
OS/ SMM | 2018-3620 | Microcode + OS/VMM | ||||||||
VMM | 2018-3646 | |||||||||
Microarchitectural Data Sampling (MDS) [62] [63] | RIDL | ZombieLoad Fill Buffer (MFBDS) |
2018-12130 | Microcode + OS | ||||||
Load Port (MLPDS) | 2018-12127 | Hardware | Microcode + OS/VMM [c] | |||||||
Hardware [a] | ||||||||||
Fallout Store Buffer (MSBDS) |
2018-12126 | Hardware + Microcode [64] [65] | Microcode + OS/VMM [c] | Microcode + OS/VMM | ||||||
Hardware [a] | ||||||||||
RIDL | Uncacheable Memory (MDSUM) | 2019-11091 | Same as the buffer having entries | |||||||
SWAPGS [66] [67] [68] | 2019-1125 | OS | ||||||||
RIDL (Rogue In-Flight Data Load) |
ZombieLoad v2
[69]
[70] TSX Asynchronous Abort (TAA) [71] [72] |
2019-11135 | Hardware [d] | Microcode + OS/VMM | Existing MDS mitigations | Existing MDS mitigations | ||||
TSX not supported [b] | Microcode + OS/VMM [a] | |||||||||
ZombieLoad/CacheOut L1D Eviction Sampling (L1DES) [73] [74] [75] |
2020-0549 | Not affected | Microcode | Microcode | ||||||
Not affected [b] | ||||||||||
Vector Register Sampling (VRS) [74] [75] | 2020-0548 | Microcode | ||||||||
Not affected [b] | ||||||||||
Load Value Injection (LVI) [76] [77] [78] [79] | 2020-0551 | Software Recompilation (mainly for Intel SGX) | ||||||||
CROSSTalk
[80] Special Register Buffer Data Sampling (SRBDS) [81] |
2020-0543 | Microcode [e] | Microcode | |||||||
Not affected | ||||||||||
Branch History Injection (BHI)
[82] and other forms of intra-mode BTI |
2022-0001 |
Software Recompilation | Not affected | Not affected | ||||||
Software Recompilation [a] | ||||||||||
MMIO Stale Data [83] | Shared Buffers Data Read (SBDR) Shared Buffers Data Sampling (SBDS) |
2022-21123 2022-21125 |
Not affected [f] | Microcode + Software Recompilation | Software Recompilation | Not affected | ||||
Microcode + Software Recompilation [g] | ||||||||||
Device Register Partial Write (DRPW) | 2022-21166 | Microcode | Existing MDS mitigations | |||||||
Branch Type Confusion (BTC) [84] | Phantom [85] | BTC-NOBR BTC-DIR |
2022-23825 | Not affected | OS/VMM | |||||
BTC-IND | Existing Spectre v2 mitigations | |||||||||
Retbleed
[86]
[87]
[88]
[89] BTC-RET |
2022-29900 |
Not affected | OS/VMM | OS/VMM | OS/VMM / Software Recompilation | |||||
Not affected [a] | ||||||||||
Cross-Thread Return Address Predictions [25] [24] | 2022-27672 | Not affected | OS/VMM | |||||||
Zenbleed
[90] Cross-Process Information Leak [91] [92] |
2023-20593 | Not affected | Microcode | |||||||
Inception
[85]
[29]
[93] Speculative Return Stack Overflow (SRSO) |
2023-20569 | Not affected | OS/VMM | |||||||
Downfall
[32]
[33] Gather Data Sampling (GDS) [31] |
2022-40982 | Microcode | Not affected |
The 8th generation Coffee Lake architecture in this table also applies to a wide range of previously released Intel CPUs, not limited to the architectures based on Intel Core, Pentium 4 and Intel Atom starting with Silvermont. [94] [95] Various CPU microarchitectures not included above are also affected, among them are ARM, IBM Power, MIPS and others. [96] [97] [98] [99]
Two mitigation techniques have been developed …: indirect branch control mechanisms and a software approach called … retpoline
To minimize performance impact, we do not currently recommend setting SSBD for OSes, VMMs …
… processors that have the RDCL_NO
bit set to one (1) … are not susceptible to the L1TF …
… MFBDS is mitigated if either theRDCL_NO
orMDS_NO
bit … are set. […]
All processors affected by MSBDS, MFBDS, or MLPDS are also affected by MDSUM for the relevant buffers.
VMMs that already … mitigate L1TF may not need further changes … a VERW
may be needed to overwrite the store buffers …
Intel® Core™ Processor Family (Ice Lake)
{{
cite web}}
: CS1 maint: numeric names: authors list (
link)
… TAA can be mitigated by either applying the MDS software mitigations or by selectively disabling Intel TSX …
{{
cite web}}
: CS1 maint: numeric names: authors list (
link)
… systems that have loaded the microcode … are fully mitigated by default
… potential BHI attacks can be mitigated by adding LFENCE to specific identified gadgets …
For processors … whereMD_CLEAR
may not overwrite fill buffer values, Intel has released microcode updates … so thatVERW
does overwrite fill buffer values. […]
To mitigate this, the OS, VMM, or driver that reads the secret data can reduce the window in which that data remains vulnerable … by performing an additional read of some non-secret data …
Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The archetype is Spectre, and transient execution attacks like Spectre belong to the cache-attack category, one of several categories of side-channel attacks. Since January 2018 many different cache-attack vulnerabilities have been identified.
Modern computers are highly parallel devices, composed of components with very different performance characteristics. If an operation (such as a branch) cannot yet be performed because some earlier slow operation (such as a memory read) has not yet completed, a microprocessor may attempt to predict the result of the earlier operation and execute the later operation speculatively, acting as if the prediction was correct. The prediction may be based on recent behavior of the system. When the earlier, slower operation completes, the microprocessor determines whether prediction was correct or incorrect. If it was correct then execution proceeds uninterrupted; if it was incorrect then the microprocessor rolls back the speculatively executed operations and repeats the original instruction with the real result of the slow operation. Specifically, a transient instruction [1] refers to an instruction processed by error by the processor (incriminating the branch predictor in the case of Spectre) which can affect the micro-architectural state of the processor, leaving the architectural state without any trace of its execution.
In terms of the directly visible behavior of the computer it is as if the speculatively executed code "never happened". However, this speculative execution may affect the state of certain components of the microprocessor, such as the cache, and this effect may be discovered by careful monitoring of the timing of subsequent operations.
If an attacker can arrange that the speculatively executed code (which may be directly written by the attacker, or may be a suitable gadget that they have found in the targeted system) operates on secret data that they are unauthorized to access, and has a different effect on the cache for different values of the secret data, they may be able to discover the value of the secret data.
Starting in 2017, multiple examples of such vulnerabilities were identified, with publication starting in early 2018.
In March 2021 AMD security researchers discovered that the Predictive Store Forwarding algorithm in Zen 3 CPUs could be used by malicious applications to access data it shouldn't be accessing. [2] According to Phoronix there's little performance impact in disabling the feature. [3]
In June 2021, two new vulnerabilities, Speculative Code Store Bypass (SCSB, CVE-2021-0086) and Floating Point Value Injection (FPVI, CVE-2021-0089), affecting all modern x86-64 CPUs both from Intel and AMD were discovered. [4] In order to mitigate them software has to be rewritten and recompiled. ARM CPUs are not affected by SCSB but some certain ARM architectures are affected by FPVI. [5]
In August 2021 a vulnerability called "Transient Execution of Non-canonical Accesses" affecting certain AMD CPUs was disclosed. [6] [7] [8] It requires the same mitigations as the MDS vulnerability affecting certain Intel CPUs. [9] It was assigned CVE-2020-12965. Since most x86 software is already patched against MDS and this vulnerability has the exact same mitigations, software vendors don't have to address this vulnerability.
In October 2021 for the first time ever a vulnerability similar to Meltdown was disclosed [10] [11] to be affecting all AMD CPUs however the company doesn't think any new mitigations have to be applied and the existing ones are already sufficient. [12]
In March 2022, a new variant of the Spectre vulnerability called Branch History Injection was disclosed. [13] [14] It affects certain ARM64 CPUs [15] and the following Intel CPU families: Cascade Lake, Ice Lake, Tiger Lake and Alder Lake. According to Linux kernel developers AMD CPUs are also affected. [16]
In March 2022, a vulnerability affecting a wide range of AMD CPUs was disclosed under CVE-2021-26341. [17] [18]
In June 2022, multiple MMIO Intel CPUs vulnerabilities related to execution in virtual environments were announced. [19] The following CVEs were designated: CVE-2022-21123, CVE-2022-21125, CVE-2022-21166.
In July 2022, the Retbleed vulnerability was disclosed affecting Intel Core 6 to 8th generation CPUs and AMD Zen 1, 1+ and 2 generation CPUs. Newer Intel microarchitectures as well as AMD starting with Zen 3 are not affected. The mitigations for the vulnerability decrease the performance of the affected Intel CPUs by up to 39%, while AMD CPUs lose up to 14%.
In August 2022, the SQUIP vulnerability was disclosed affecting Ryzen 2000–5000 series CPUs. [20] According to AMD the existing mitigations are enough to protect from it. [21]
According to a Phoronix review released in October, 2022 Zen 4/ Ryzen 7000 CPUs are not slowed down by mitigations, in fact disabling them leads to a performance loss. [22] [23]
In February 2023 a vulnerability affecting a wide range of AMD CPU architectures called "Cross-Thread Return Address Predictions" was disclosed. [24] [25] [26]
In July 2023 a critical vulnerability in the Zen 2 AMD microarchitecture called Zenbleed was made public. [27] [1] AMD released a microcode update to fix it. [28]
In August 2023 a vulnerability in AMD's Zen 1, Zen 2, Zen 3, and Zen 4 microarchitectures called Inception [29] [30] was revealed and assigned CVE-2023-20569. According to AMD it is not practical but the company will release a microcode update for the affected products.
Also in August 2023 a new vulnerability called Downfall or Gather Data Sampling was disclosed, [31] [32] [33] affecting Intel CPU Skylake, Cascade Lake, Cooper Lake, Ice Lake, Tiger Lake, Amber Lake, Kaby Lake, Coffee Lake, Whiskey Lake, Comet Lake & Rocket Lake CPU families. Intel will release a microcode update for affected products.
The SLAM [34] [35] [36] [37] vulnerability (Spectre based on Linear Address Masking) reported in 2023 neither has received a corresponding CVE, nor has been confirmed or mitigated against.
In March 2024, a variant of Spectre-V1 attack called GhostRace was published. [38] It was claimed it affected all the major microarchitectures and vendors, including Intel, AMD and ARM. It was assigned CVE-2024-2193. AMD dismissed the vulnerability (calling it "Speculative Race Conditions (SRCs)") claiming that existing mitigations were enough. [39] Linux kernel developers chose not to add mitigations citing performance concerns. [40] The Xen hypervisor project released patches to mitigate the vulnerability but it's not enabled by default. [41]
Also in March 2024, a vulnerability in Intel Atom processors called Register File Data Sampling (RFDS) was revealed. [42] It was assigned CVE-2023-28746. Its mitigations incur a slight performance degradation. [43]
In April 2024, it was revealed that the BHI vulnerability in certain Intel CPU families could be still exploited in Linux entirely in user space without using any kernel features or root access despite existing mitigations. [44] [45] [46] Intel recommended "additional software hardening". [47] The attack was assigned a new CVE-2024-2201.
Spectre class vulnerabilities will remain unfixed because otherwise CPU designers will have to disable speculative execution which will entail a massive performance loss.[ citation needed] Despite this, AMD has managed to design Zen 4 such a way its performance is not affected by mitigations. [22] [23]
Mitigation Type | Comprehensiveness | Effectiveness | Performance Impact |
---|---|---|---|
Hardware | Full | Full | None…Small |
Microcode | Partial…Full | Partial…Full | None…Large |
OS/VMM | Partial | Partial…Full | Small…Large |
Software Recompilation | Poor | Partial…Full | Medium…Large |
Hardware mitigations require changes to the CPU design and thus a new iteration of hardware, but impose close to zero performance loss.
Microcode updates alter the software that the CPU runs on which requires patches to be released for each affected CPU and integrated into every
BIOS / operating system.
OS/VMM mitigations are applied at the operating system or virtual machine level and (depending on workload) often incur quite a significant performance loss.
Software recompilation requires recompiling lots of pieces of software and usually incurs a severe performance hit.
Vulnerability Name(s)/Subname Official Name/Subname |
CVE | Affected CPU architectures and mitigations | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
Intel [48] | AMD [49] | |||||||||
10th gen | 9th gen | 8th gen* | Zen / Zen+ | Zen 2 [50] | ||||||
Ice Lake [51] |
Cascade/
Comet/ Amber Lake |
Coffee Lake [52] | Whiskey Lake |
Coffee Lake, Amber Lake | ||||||
Spectre | v1 Bounds Check Bypass |
2017-5753 | Software Recompilation [53] | |||||||
v2 Branch Target Injection [54] |
2017-5715 | Hardware + OS/VMM / Software Recompilation |
Microcode + … | Microcode + OS/VMM / Software Recompilation |
Hardware + OS/VMM / Software Recompilation | |||||
Hardware + … [a] | ||||||||||
Meltdown / v3 Rogue Data Cache Load |
2017-5754 | Hardware | OS | Not affected | ||||||
Spectre-NG | v3a Rogue System Register Read |
2018-3640 | Hardware | Hardware | Microcode | Microcode | Microcode | |||
Microcode [b] | Hardware [a] | |||||||||
v4 Speculative Store Bypass [55] |
2018-3639 | [Hardware + OS / ] Software Recompilation |
… | [Microcode + OS / ] Software Recompilation |
OS/VMM | Hardware + OS/VMM | ||||
… [a] | ||||||||||
Lazy FP State Restore | 2018-3665 | OS/VMM [56] | Not affected | |||||||
v1.1 Bounds Check Bypass Store |
2018-3693 | Software Recompilation [57] | ||||||||
SpectreRSB
[58]/ret2spec
[59] Return Mispredict |
2018-15572 | OS [60] | ||||||||
Foreshadow L1 Terminal Fault (L1TF) [61] |
SGX | 2018-3615 | Not affected | Microcode | Not affected | |||||
OS/ SMM | 2018-3620 | Microcode + OS/VMM | ||||||||
VMM | 2018-3646 | |||||||||
Microarchitectural Data Sampling (MDS) [62] [63] | RIDL | ZombieLoad Fill Buffer (MFBDS) |
2018-12130 | Microcode + OS | ||||||
Load Port (MLPDS) | 2018-12127 | Hardware | Microcode + OS/VMM [c] | |||||||
Hardware [a] | ||||||||||
Fallout Store Buffer (MSBDS) |
2018-12126 | Hardware + Microcode [64] [65] | Microcode + OS/VMM [c] | Microcode + OS/VMM | ||||||
Hardware [a] | ||||||||||
RIDL | Uncacheable Memory (MDSUM) | 2019-11091 | Same as the buffer having entries | |||||||
SWAPGS [66] [67] [68] | 2019-1125 | OS | ||||||||
RIDL (Rogue In-Flight Data Load) |
ZombieLoad v2
[69]
[70] TSX Asynchronous Abort (TAA) [71] [72] |
2019-11135 | Hardware [d] | Microcode + OS/VMM | Existing MDS mitigations | Existing MDS mitigations | ||||
TSX not supported [b] | Microcode + OS/VMM [a] | |||||||||
ZombieLoad/CacheOut L1D Eviction Sampling (L1DES) [73] [74] [75] |
2020-0549 | Not affected | Microcode | Microcode | ||||||
Not affected [b] | ||||||||||
Vector Register Sampling (VRS) [74] [75] | 2020-0548 | Microcode | ||||||||
Not affected [b] | ||||||||||
Load Value Injection (LVI) [76] [77] [78] [79] | 2020-0551 | Software Recompilation (mainly for Intel SGX) | ||||||||
CROSSTalk
[80] Special Register Buffer Data Sampling (SRBDS) [81] |
2020-0543 | Microcode [e] | Microcode | |||||||
Not affected | ||||||||||
Branch History Injection (BHI)
[82] and other forms of intra-mode BTI |
2022-0001 |
Software Recompilation | Not affected | Not affected | ||||||
Software Recompilation [a] | ||||||||||
MMIO Stale Data [83] | Shared Buffers Data Read (SBDR) Shared Buffers Data Sampling (SBDS) |
2022-21123 2022-21125 |
Not affected [f] | Microcode + Software Recompilation | Software Recompilation | Not affected | ||||
Microcode + Software Recompilation [g] | ||||||||||
Device Register Partial Write (DRPW) | 2022-21166 | Microcode | Existing MDS mitigations | |||||||
Branch Type Confusion (BTC) [84] | Phantom [85] | BTC-NOBR BTC-DIR |
2022-23825 | Not affected | OS/VMM | |||||
BTC-IND | Existing Spectre v2 mitigations | |||||||||
Retbleed
[86]
[87]
[88]
[89] BTC-RET |
2022-29900 |
Not affected | OS/VMM | OS/VMM | OS/VMM / Software Recompilation | |||||
Not affected [a] | ||||||||||
Cross-Thread Return Address Predictions [25] [24] | 2022-27672 | Not affected | OS/VMM | |||||||
Zenbleed
[90] Cross-Process Information Leak [91] [92] |
2023-20593 | Not affected | Microcode | |||||||
Inception
[85]
[29]
[93] Speculative Return Stack Overflow (SRSO) |
2023-20569 | Not affected | OS/VMM | |||||||
Downfall
[32]
[33] Gather Data Sampling (GDS) [31] |
2022-40982 | Microcode | Not affected |
The 8th generation Coffee Lake architecture in this table also applies to a wide range of previously released Intel CPUs, not limited to the architectures based on Intel Core, Pentium 4 and Intel Atom starting with Silvermont. [94] [95] Various CPU microarchitectures not included above are also affected, among them are ARM, IBM Power, MIPS and others. [96] [97] [98] [99]
Two mitigation techniques have been developed …: indirect branch control mechanisms and a software approach called … retpoline
To minimize performance impact, we do not currently recommend setting SSBD for OSes, VMMs …
… processors that have the RDCL_NO
bit set to one (1) … are not susceptible to the L1TF …
… MFBDS is mitigated if either theRDCL_NO
orMDS_NO
bit … are set. […]
All processors affected by MSBDS, MFBDS, or MLPDS are also affected by MDSUM for the relevant buffers.
VMMs that already … mitigate L1TF may not need further changes … a VERW
may be needed to overwrite the store buffers …
Intel® Core™ Processor Family (Ice Lake)
{{
cite web}}
: CS1 maint: numeric names: authors list (
link)
… TAA can be mitigated by either applying the MDS software mitigations or by selectively disabling Intel TSX …
{{
cite web}}
: CS1 maint: numeric names: authors list (
link)
… systems that have loaded the microcode … are fully mitigated by default
… potential BHI attacks can be mitigated by adding LFENCE to specific identified gadgets …
For processors … whereMD_CLEAR
may not overwrite fill buffer values, Intel has released microcode updates … so thatVERW
does overwrite fill buffer values. […]
To mitigate this, the OS, VMM, or driver that reads the secret data can reduce the window in which that data remains vulnerable … by performing an additional read of some non-secret data …