Transient execution CPU vulnerability explained

See main article: Downfall (security vulnerability) and Foreshadow. Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The archetype is Spectre, and transient execution attacks like Spectre belong to the cache-attack category, one of several categories of side-channel attacks. Since January 2018 many different cache-attack vulnerabilities have been identified.

Overview

Modern computers are highly parallel devices, composed of components with very different performance characteristics. If an operation (such as a branch) cannot yet be performed because some earlier slow operation (such as a memory read) has not yet completed, a microprocessor may attempt to predict the result of the earlier operation and execute the later operation speculatively, acting as if the prediction was correct. The prediction may be based on recent behavior of the system. When the earlier, slower operation completes, the microprocessor determines whether prediction was correct or incorrect. If it was correct then execution proceeds uninterrupted; if it was incorrect then the microprocessor rolls back the speculatively executed operations and repeats the original instruction with the real result of the slow operation. Specifically, a transient instruction[1] refers to an instruction processed by error by the processor (incriminating the branch predictor in the case of Spectre) which can affect the micro-architectural state of the processor, leaving the architectural state without any trace of its execution.

In terms of the directly visible behavior of the computer it is as if the speculatively executed code "never happened". However, this speculative execution may affect the state of certain components of the microprocessor, such as the cache, and this effect may be discovered by careful monitoring of the timing of subsequent operations.

If an attacker can arrange that the speculatively executed code (which may be directly written by the attacker, or may be a suitable gadget that they have found in the targeted system) operates on secret data that they are unauthorized to access, and has a different effect on the cache for different values of the secret data, they may be able to discover the value of the secret data.

Timeline

2018

In early January 2018, it was reported that all Intel processors made since 1995[2] [3] (besides Intel Itanium and pre-2013 Intel Atom) have been subject to two security flaws dubbed Meltdown and Spectre.[4] [5]

The impact on performance resulting from software patches is "workload-dependent". Several procedures to help protect home computers and related devices from the Spectre and Meltdown security vulnerabilities have been published.[6] [7] [8] [9] Spectre patches have been reported to significantly slow down performance, especially on older computers; on the newer 8th-generation Core platforms, benchmark performance drops of 2–14% have been measured.[10] Meltdown patches may also produce performance loss.[11] [12] [13] It is believed that "hundreds of millions" of systems could be affected by these flaws.[14] More security flaws were disclosed on May 3, 2018,[15] on August 14, 2018, on January 18, 2019, and on March 5, 2020.

At the time, Intel was not commenting on this issue.[16] [17]

On March 15, 2018, Intel reported that it will redesign its CPUs (performance losses to be determined) to protect against the Spectre security vulnerability, and expects to release the newly redesigned processors later in 2018.[18] [19]

On May 3, 2018, eight additional Spectre-class flaws were reported. Intel reported that they are preparing new patches to mitigate these flaws.[20]

On August 14, 2018, Intel disclosed three additional chip flaws referred to as L1 Terminal Fault (L1TF). They reported that previously released microcode updates, along with new, pre-release microcode updates can be used to mitigate these flaws.[21] [22]

2019

On January 18, 2019, Intel disclosed three new vulnerabilities affecting all Intel CPUs, named "Fallout", "RIDL", and "ZombieLoad", allowing a program to read information recently written, read data in the line-fill buffers and load ports, and leak information from other processes and virtual machines.[23] [24] [25] Coffee Lake-series CPUs are even more vulnerable, due to hardware mitigations for Spectre.[26]

2020

On March 5, 2020, computer security experts reported another Intel chip security flaw, besides the Meltdown and Spectre flaws, with the systematic name (or "Intel CSME Bug").[27] This newly found flaw is not fixable with a firmware update, and affects nearly "all Intel chips released in the past five years".[28] [29] [30]

2021

In March 2021 AMD security researchers discovered that the Predictive Store Forwarding algorithm in Zen 3 CPUs could be used by malicious applications to access data it shouldn't be accessing.[31] According to Phoronix there's little performance impact in disabling the feature.[32]

In June 2021, two new vulnerabilities, Speculative Code Store Bypass (SCSB, CVE-2021-0086) and Floating Point Value Injection (FPVI, CVE-2021-0089), affecting all modern x86-64 CPUs both from Intel and AMD were discovered.[33] In order to mitigate them software has to be rewritten and recompiled. ARM CPUs are not affected by SCSB but some certain ARM architectures are affected by FPVI.[34]

In August 2021 a vulnerability called "Transient Execution of Non-canonical Accesses" affecting certain AMD CPUs was disclosed.[35] [36] [37] It requires the same mitigations as the MDS vulnerability affecting certain Intel CPUs.[38] It was assigned CVE-2020-12965. Since most x86 software is already patched against MDS and this vulnerability has the exact same mitigations, software vendors don't have to address this vulnerability.

In October 2021 for the first time ever a vulnerability similar to Meltdown was disclosed[39] [40] to be affecting all AMD CPUs however the company doesn't think any new mitigations have to be applied and the existing ones are already sufficient.[41]

2022

In March 2022, a new variant of the Spectre vulnerability called Branch History Injection was disclosed.[42] [43] It affects certain ARM64 CPUs[44] and the following Intel CPU families: Cascade Lake, Ice Lake, Tiger Lake and Alder Lake. According to Linux kernel developers AMD CPUs are also affected.[45]

In March 2022, a vulnerability affecting a wide range of AMD CPUs was disclosed under CVE-2021-26341.[46] [47]

In June 2022, multiple MMIO Intel CPUs vulnerabilities related to execution in virtual environments were announced.[48] The following CVEs were designated: CVE-2022-21123, CVE-2022-21125, CVE-2022-21166.

In July 2022, the Retbleed vulnerability was disclosed affecting Intel Core 6 to 8th generation CPUs and AMD Zen 1, 1+ and 2 generation CPUs. Newer Intel microarchitectures as well as AMD starting with Zen 3 are not affected. The mitigations for the vulnerability decrease the performance of the affected Intel CPUs by up to 39%, while AMD CPUs lose up to 14%.

In August 2022, the SQUIP vulnerability was disclosed affecting Ryzen 2000–5000 series CPUs.[49] According to AMD the existing mitigations are enough to protect from it.[50]

According to a Phoronix review released in October, 2022 Zen 4/Ryzen 7000 CPUs are not slowed down by mitigations, in fact disabling them leads to a performance loss.[51] [52]

2023

In February 2023 a vulnerability affecting a wide range of AMD CPU architectures called "Cross-Thread Return Address Predictions" was disclosed.[53]

In July 2023 a critical vulnerability in the Zen 2 AMD microarchitecture called Zenbleed was made public.[54] https://lock.cmpxchg8b.com/zenbleed.html AMD released a microcode update to fix it.[55]

In August 2023 a vulnerability in AMD's Zen 1, Zen 2, Zen 3, and Zen 4 microarchitectures called Inception[56] [57] was revealed and assigned CVE-2023-20569. According to AMD it is not practical but the company will release a microcode update for the affected products.

Also in August 2023 a new vulnerability called Downfall or Gather Data Sampling was disclosed, affecting Intel CPU Skylake, Cascade Lake, Cooper Lake, Ice Lake, Tiger Lake, Amber Lake, Kaby Lake, Coffee Lake, Whiskey Lake, Comet Lake & Rocket Lake CPU families. Intel will release a microcode update for affected products.

The SLAM[58] [59] [60] [61] vulnerability (Spectre based on Linear Address Masking) reported in 2023 neither has received a corresponding CVE, nor has been confirmed or mitigated against.

2024

In March 2024, a variant of Spectre-V1 attack called GhostRace was published.[62] It was claimed it affected all the major microarchitectures and vendors, including Intel, AMD and ARM. It was assigned CVE-2024-2193. AMD dismissed the vulnerability (calling it "Speculative Race Conditions (SRCs)") claiming that existing mitigations were enough.[63] Linux kernel developers chose not to add mitigations citing performance concerns.[64] The Xen hypervisor project released patches to mitigate the vulnerability but it's not enabled by default.[65]

Also in March 2024, a vulnerability in Intel Atom processors called Register File Data Sampling (RFDS) was revealed.[66] It was assigned CVE-2023-28746. Its mitigations incur a slight performance degradation.[67]

In April 2024, it was revealed that the BHI vulnerability in certain Intel CPU families could be still exploited in Linux entirely in user space without using any kernel features or root access despite existing mitigations.[68] [69] [70] Intel recommended "additional software hardening".[71] The attack was assigned a new CVE-2024-2201.

In July 2024, UC San Diego researchers revealed the Indirector attack against Intel Alder Lake and Raptor Lake CPUs leveraging high-precision Branch Target Injection (BTI).[72] [73] [74] Intel downplayed the severity of the vulnerability and claimed the existing mitigations are enough to tackle the issue.[75] No CVE was assigned.

Future

Spectre class vulnerabilities will remain unfixed because otherwise CPU designers will have to disable speculative execution which will entail a massive performance loss. Despite this, AMD has managed to design Zen 4 such a way its performance is not affected by mitigations.

Vulnerabilities and mitigations summary

Mitigation Type Comprehensiveness Effectiveness Performance impact Description
HardwareFullFullNone to smallRequire changes to the CPU design and thus a new iteration of hardware
MicrocodePartial to fullPartial to fullNone to largeUpdates the software that the CPU runs on which requires patches to be released for each affected CPU and integrated into every BIOS or operating system
OS/VMMPartialPartial to fullSmall to largeApplied at the operating system or virtual machine level and (depending on workload)
Software recompilationPoorPartial to fullMedium to largeRequires recompiling lots of pieces of software
--fix for SBDR & SBDS-->"Vulnerability Name(s)/Subname
Official Name/Subname
CVEAffected CPU architectures and mitigations
Intel[76] AMD[77]
10th gen 9th gen 8th gen*Zen / Zen+Zen 2[78]
Ice Lake[79] Cascade / Comet /
Amber Lake
Coffee Lake[80] Whiskey LakeCoffee Lake,
Amber Lake
Spectrev1
Bounds Check Bypass
colspan="7"
v2
Branch Target Injection[81]
rowspan="2"
colspan="2"
Meltdown / v3
Rogue Data Cache Load
colspan="4" colspan="2" rowspan="3"
Spectre-NGv3a
Rogue System Register Read
rowspan="2"
v4
Speculative Store Bypass[82]
rowspan="2" rowspan="2"
Lazy FP State Restorecolspan="2"
v1.1
Bounds Check Bypass Store
colspan="7"
SpectreRSB[83] /ret2spec[84]
Return Mispredict
colspan="7"
Foreshadow
L1 Terminal Fault (L1TF)[85]
SGXcolspan="2" rowspan="19"
OS/SMMrowspan="2"
VMM
Microarchitectural Data Sampling (MDS)[86] [87] RIDLZombieLoad
Fill Buffer (MFBDS)
rowspan="3"
Load Port (MLPDS)colspan="3"
colspan="3"
Fallout
Store Buffer (MSBDS)
rowspan="3"
colspan="4"
RIDLUncacheable Memory (MDSUM)colspan="4"
SWAPGS[88] [89] [90] colspan="5"
RIDL
(Rogue In-Flight Data Load)
ZombieLoad v2[91] [92]
TSX Asynchronous Abort (TAA)[93] [94]
rowspan="2"
colspan="2"

L1D Eviction Sampling (L1DES)[95] [96] [97]
colspan="3" rowspan="4"
Vector Register Sampling (VRS)
Load Value Injection (LVI)[98] [99] [100] [101] colspan="4"
CROSSTalk[102]
Special Register Buffer Data Sampling (SRBDS)[103]
rowspan="2" colspan="3"
Floating Point Value Injection (FPVI)[104] [105]
colspan="7" rowspan="2"
Speculative Code Store Bypass (SCSB)[106]
Branch History Injection (BHI)[107]
and other forms of intra-mode BTI

rowspan="2" colspan="3"
colspan="2"
MMIO Stale Data[108] Shared Buffers Data Read (SBDR)colspan="2" rowspan="3"
Shared Buffers Data Sampling (SBDS)
Device Register Partial Write (DRPW)
Branch Type Confusion (BTC)[109] BTC-NOBR
BTC-DIR
colspan="2"
BTC-INDcolspan="2"
Retbleed[110] [111] [112] [113]
BTC-RET

rowspan="2" colspan="2"
colspan="2"
Cross-Thread Return Address Predictions[114] [115] colspan="5" colspan="2"
Zenbleed[116]
Cross-Process Information Leak[117] [118]
colspan="6"
Inception<--research page and PDF title (metadata) spell it like that; the whitepaper itself uses capitalization, but subsequent letters are still smaller than the first one-->[119] [120]
Speculative Return Stack Overflow (SRSO)
colspan="5" colspan="2"
Downfall[121] [122]
Gather Data Sampling (GDS)[123]
colspan="5"
The 8th generation Coffee Lake architecture in this table also applies to a wide range of previously released Intel CPUs, not limited to the architectures based on Intel Core, Pentium 4 and Intel Atom starting with Silvermont.[124] [125] Various CPU microarchitectures not included above are also affected, among them are ARM, IBM Power, MIPS and others.[126] [127] [128] [129]

Notes

External links

Notes and References

  1. Web site: Spectre Attacks: Exploiting Speculative Execution . 2020-04-16 . Kocher . Paul . Horn . Jann . Fogh . Anders . Genkin . Daniel . Gruss . Daniel.
  2. News: Processor vulnerabilities could leave most computers open to hackers. Ariel. Bogle. ABC News. January 4, 2018. January 4, 2018. January 5, 2018. https://web.archive.org/web/20180105012827/http://www.abc.net.au/news/science/2018-01-04/intel-chip-flaw-a-security-threat/9303280. live.
  3. News: Fix for critical Intel chip flaw will slow down millions of computers. https://ghostarchive.org/archive/20220110/https://www.telegraph.co.uk/technology/2018/01/03/fix-critical-intel-chip-flaw-will-slow-millions-computers/ . January 10, 2022 . live. subscription . The Telegraph. Margi. Murphy. January 3, 2018. Telegraph Media Group. January 3, 2017.
  4. Web site: Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?. Devin. Coldewey. January 4, 2018. January 4, 2018. January 4, 2018. https://web.archive.org/web/20180104022457/https://techcrunch.com/2018/01/03/kernel-panic-what-are-meltdown-and-spectre-the-bugs-affecting-nearly-every-computer-and-device/. live.
  5. A Critical Intel Flaw Breaks Basic Security for Most Computers. Wired. January 4, 2018. Greenberg. Andy. January 3, 2018. https://web.archive.org/web/20180103204011/https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/. live.
  6. News: Metz . Cade . Chen . Brian X. . What You Need to Do Because of Flaws in Computer Chips. https://ghostarchive.org/archive/20220103/https://www.nytimes.com/2018/01/04/technology/meltdown-spectre-questions.html . 2022-01-03 . subscription . live . January 4, 2018 . . mdy-all . 2018-01-05.
  7. Web site: Pressman . Aaron . Why Your Web Browser May Be Most Vulnerable to Spectre and What to Do About It . January 5, 2018 . . mdy-all . 2018-01-05 . January 10, 2018 . https://web.archive.org/web/20180110161156/http://fortune.com/2018/01/05/spectre-safari-chrome-firefox-internet-explorer/ . live .
  8. Web site: Chacos . Brad . How to protect your PC from the major Meltdown and Spectre CPU flaws . January 4, 2018 . . 2018-01-04 . live . https://web.archive.org/web/20180104231745/https://www.pcworld.com/article/3245810/security/how-to-protect-your-pc-meltdown-spectre-cpu-flaws.html . mdy-all . 2018-01-04.
  9. Web site: Elliot . Matt . Security – How to protect your PC against the Intel chip flaw – Here are the steps to take to keep your Windows laptop or PC safe from Meltdown and Spectre. . January 4, 2018 . . 2018-01-04 . live . https://web.archive.org/web/20180104225045/https://www.cnet.com/how-to/how-to-protect-your-pc-against-the-intel-chip-flaw/ . mdy-all . 2018-01-04.
  10. Web site: Hachman . Mark . Microsoft tests show Spectre patches drag down performance on older PCs . January 9, 2018 . . mdy-all . 2018-01-09 . February 9, 2018 . https://web.archive.org/web/20180209120423/https://www.pcworld.com/article/3245742/components-processors/microsoft-tests-show-spectre-patches-drag-down-performance-on-older-pcs.html . live .
  11. News: Researchers Discover Two Major Flaws in the World's Computers . Metz . Cade . January 3, 2018 . . 2018-01-03 . Perlroth . Nicole . 0362-4331 . live . https://web.archive.org/web/20180103224048/https://www.nytimes.com/2018/01/03/business/computer-flaws.html . mdy-all . 2018-01-03.
  12. Web site: Computer chip scare: What you need to know . January 4, 2018 . . mdy-all . 2018-01-04 . October 11, 2020 . https://web.archive.org/web/20201011235525/https://www.bbc.com/news/technology-42562303 . live .
  13. News: Intel says processor bug isn't unique to its chips and performance issues are 'workload-dependent' . The Verge . mdy-all . 2018-01-04 . January 3, 2018 . https://web.archive.org/web/20180103223052/https://www.theverge.com/2018/1/3/16846540/intel-processor-security-flaw-bug-response . live .
  14. Web site: Meltdown and Spectre. meltdownattack.com. January 4, 2018. January 3, 2018. https://web.archive.org/web/20180103235911/https://meltdownattack.com/#faq-systems-spectre. live.
  15. Web site: Tung. Liam. Are 8 new 'Spectre-class' flaws about to be exposed? Intel confirms it's readying fixes. May 4, 2018. ZDNet. en. May 22, 2018. https://web.archive.org/web/20180522152328/https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed/. live.
  16. Web site: Gibbs . Samuel . January 3, 2018 . Major security flaw found in Intel processors . live . https://web.archive.org/web/20180104235656/https://www.theguardian.com/technology/2018/jan/03/major-security-flaw-found-intel-processors-computers-windows-mac-os-linux . January 4, 2018 . January 5, 2018 . Theguardian.com . www.TheGuardian.com.
  17. Web site: January 4, 2018 . How to protect your PC against the major 'Meltdown' CPU security flaw . live . https://web.archive.org/web/20180105002157/https://www.theverge.com/2018/1/4/16848976/how-to-protect-windows-pc-meltdown-security-flaw . January 5, 2018 . January 5, 2018 . TheVerge.com.
  18. News: Warren . Tom . Intel processors are being redesigned to protect against Spectre – New hardware coming later this year . March 15, 2018 . . March 15, 2018 . March 15, 2018 . https://web.archive.org/web/20180315143212/https://www.theverge.com/2018/3/15/17123610/intel-new-processors-protection-spectre-vulnerability . live .
  19. News: Shankland . Stephen . Intel will block Spectre attacks with new chips this year – Cascade Lake processors for servers, coming this year, will fight back against a new class of vulnerabilities, says CEO Brian Krzanich. . March 15, 2018 . . March 15, 2018 . March 15, 2018 . https://web.archive.org/web/20180315164257/https://www.cnet.com/news/intel-blocks-spectre-attacks-with-new-server-chips-this-year/ . live .
  20. Web site: Tung. Liam. Are 8 new 'Spectre-class' flaws about to be exposed? Intel confirms it's readying fixes. ZDNet. May 4, 2018. en. May 22, 2018. https://web.archive.org/web/20180522152328/https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed/. live.
  21. News: Intel discloses three more chip flaws . Reuters . August 16, 2018 . August 16, 2018 . https://web.archive.org/web/20180816194524/https://www.reuters.com/article/us-cyber-intel/intel-discloses-three-more-chip-flaws-idUSKBN1KZ280 . live .
  22. Web site: Culbertson . Leslie . Protecting Our Customers through the Lifecycle of Security Threats . Intel Newsroom . August 16, 2018 . August 14, 2018 . https://web.archive.org/web/20180814171651/https://newsroom.intel.com/editorials/protecting-our-customers-through-lifecycle-security-threats/ . live .
  23. Web site: Fallout: Reading Kernel Writes From User Space. RIDL and Fallout: MDS Attacks. https://web.archive.org/web/20190516190421/https://mdsattacks.com/files/fallout.pdf. 2019-05-16 . mdy-all. 2019-05-18.
  24. Web site: RIDL: Rogue In-Flight Data Load. RIDL and Fallout: MDS attacks. https://web.archive.org/web/20190517035356/https://mdsattacks.com/files/ridl.pdf . mdy-all. 2019-05-17.
  25. Web site: ZombieLoad Attack. zombieloadattack.com. mdy-all. 2019-05-18. May 14, 2019. https://web.archive.org/web/20190514182730/https://zombieloadattack.com/. live.
  26. Web site: Intel Released "Coffee Lake" Knowing it Was Vulnerable to Spectre and Meltdown . TECHPOWERUP.
  27. News: Cimpanu . Catalin . Intel CSME bug is worse than previously thought – Researchers say a full patch requires replacing hardware. Only the latest Intel 10th generation CPUs are not affected. . March 5, 2020 . . March 8, 2020 . March 5, 2020 . https://web.archive.org/web/20200305151035/https://www.zdnet.com/article/intel-csme-bug-is-worse-than-previously-thought/ . live .
  28. News: Goodin . Dan . 5 years of Intel CPUs and chipsets have a concerning flaw that's unfixable – Converged Security and Management Engine flaw may jeopardize Intel's root of trust. . March 5, 2020 . . March 6, 2020 . March 6, 2020 . https://web.archive.org/web/20200306020753/https://arstechnica.com/information-technology/2020/03/5-years-of-intel-cpus-and-chipsets-have-a-concerning-flaw-thats-unfixable/ . live .
  29. News: Dent . Steve . Researchers discover that Intel chips have an unfixable security flaw – The chips are vulnerable during boot-up, so they can't be patched with a firmware update. . March 6, 2020 . . March 6, 2020 . March 6, 2020 . https://web.archive.org/web/20200306194109/https://www.engadget.com/2020/03/06/intel-chips-unpatchable-security-flaw/ . live .
  30. News: Staff . Intel Converged Security and Management Engine, Intel Server Platform Services, Intel Trusted Execution Engine, and Intel Active Management Technology Advisory (Intel-SA-00213) . February 11, 2020 . Intel . March 6, 2020 . March 5, 2020 . https://web.archive.org/web/20200305163717/https://www.intel.com/content/www/us/en/support/articles/000033416/technologies.html . live .
  31. Web site: Cutress. Ian. AMD Issues Updated Speculative Spectre Security Status: Predictive Store Forwarding. 2021-04-08. www.anandtech.com.
  32. Web site: Benchmarking AMD Zen 3 With Predictive Store Forwarding Disabled - Phoronix. 2021-04-08. www.phoronix.com.
  33. Web site: Rage Against the Machine Clear. 2021-06-29. VUSec. 8 June 2021 . en-US.
  34. Web site: Speculative Processor Vulnerability Frequently asked questions. 2021-06-29. Arm Developer. en.
  35. Web site: Transient Execution of Non-canonical Accesses.
  36. 2108.10771. Musaev. Saidgani. Fetzer. Christof. Transient Execution of Non-Canonical Accesses. 2021. cs.CR .
  37. Web site: Francisco. Thomas Claburn in San. Boffins find if you torture AMD Zen+, Zen 2 CPUs enough, they are vulnerable to Meltdown-like attack. 2021-09-05. www.theregister.com. en.
  38. Web site: White Paper Software techniques for managing speculation on AMD processors . www.amd.com . 2024-07-28.
  39. Lipp. Moritz. Gruss. Daniel. Schwarz. Michael. 2021-10-19. AMD Prefetch Attacks through Power and Time. USENIX Security Symposium. en.
  40. Web site: AMD Prefetch Attacks through Power and Time.
  41. Web site: Side-channels Related to the x86 PREFETCH Instruction.
  42. Web site: Branch History Injection . 2022-03-08 . VUSec . en-US.
  43. Web site: BHI: The Newest Spectre Vulnerability Affecting Intel & Arm CPUs . 2022-03-08 . www.phoronix.com . en.
  44. Web site: Ltd . Arm . Speculative Processor Vulnerability Spectre-BHB . 2022-03-11 . Arm Developer . en.
  45. Web site: Linux Lands Mitigations For Spectre-BHB / BHI On Intel & Arm, Plus An AMD Change Too . 2022-03-08 . www.phoronix.com . en.
  46. Web site: grsecurity - The AMD Branch (Mis)predictor Part 2: Where No CPU has Gone Before (CVE-2021-26341) . 2022-03-11 . grsecurity.net.
  47. Web site: AMD CPUs May Transiently Execute Beyond Unconditional Direct Branch .
  48. Web site: oss-security - Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities . 2022-06-19 . www.openwall.com.
  49. Web site: AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler . 2022-08-10 . www.phoronix.com . en.
  50. Web site: Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors .
  51. Web site: With AMD Zen 4, It's Surprisingly Not Worthwhile Disabling CPU Security Mitigations . 2022-10-07 . www.phoronix.com . en.
  52. Web site: Disabling Spectre V2 Mitigations Is What Can Impair AMD Ryzen 7000 Series Performance . 2022-10-07 . www.phoronix.com . en.
  53. Web site: oss-sec: Xen Security Advisory 426 v1 (CVE-2022-27672) - x86: Cross-Thread Return Address Predictions . 2023-02-15 . seclists.org . en.
  54. Web site: Paul Alcorn . 2023-07-24 . AMD 'Zenbleed' Bug Allows Data Theft From Zen 2 Processors, Patches Coming . 2023-07-24 . Tom's Hardware . en.
  55. Web site: 2023-07-24 . Cross-Process Information Leak . 2023-07-27 . amd.com.
  56. Web site: 2023-08-08 . Return Address Security Bulletin . 2023-08-08 . amd.com.
  57. Web site: New Inception attack leaks sensitive data from all AMD Zen CPUs . 2023-08-09 . BleepingComputer . en-us.
  58. Web site: SLAM: Spectre based on Linear Address Masking . 2023-12-07 . vusec . en-US.
  59. Web site: TLB-Based Side Channel Attack: Security Update . 2023-12-07 . developer.arm.com.
  60. Web site: oss-sec: SLAM: Spectre based on Linear Address Masking . 2023-12-07 . seclists.org . en.
  61. Web site: New SLAM attack steals sensitive data from AMD, future Intel CPUs . 2023-12-07 . BleepingComputer . en-us.
  62. Web site: GhostRace . 2024-03-12 . vusec . en-US.
  63. Web site: 2024-03-12 . Speculative Race Conditions (SRCs) . amd.com.
  64. Web site: GhostRace Detailed - Speculative Race Conditions Affecting All Major CPUs / ISAs . 2024-03-12 . www.phoronix.com . en.
  65. Web site: oss-sec: Xen Security Advisory 453 v1 (CVE-2024-2193) - GhostRace: Speculative Race Conditions . 2024-03-14 . seclists.org . en.
  66. Web site: Register File Data Sampling . 2024-03-15 . Intel . en.
  67. Web site: The Performance Impact Of Intel's Register File Data Sampling . 2024-03-15 . www.phoronix.com . en.
  68. Web site: InSpectre Gadget . 2024-04-14 . vusec . en-US.
  69. Web site: oss-security - Xen Security Advisory 456 v2 (CVE-2024-2201) - x86: Native Branch History Injection . 2024-04-14 . www.openwall.com.
  70. Web site: 2268118 – (CVE-2024-2201) CVE-2024-2201 hw: cpu: intel:InSpectre Gadget a residual Attack Surface of Cross-privilege Spectre v2 . 2024-04-14 . bugzilla.redhat.com.
  71. Web site: Branch History Injection and Intra-mode Branch Target Injection . 2024-04-14 . Intel . en.
  72. Web site: Indirector . 2024-07-03 . indirector.cpusec.org.
  73. Web site: Latest Intel CPUs impacted by new Indirector side-channel attack . 2024-07-03 . BleepingComputer . en-us.
  74. Web site: Dallin Grimm . 2024-07-03 . Newer Intel CPUs vulnerable to new "Indirector" attack — Spectre-style attacks risk stealing sensitive data; Intel says no new mitigations required . 2024-07-03 . Tom's Hardware . en.
  75. Web site: INTEL-2024-07-02-001- Indirector . 2024-07-03 . Intel . en.
  76. Web site: Affected Processors: Transient Execution Attacks & Related Security Issues by CPU. Intel. November 3, 2023. 2024-03-12. live. https://web.archive.org/web/20210509005823/https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model. 2021-05-09.
  77. Web site: AMD Product Security AMD. August 10, 2019. 2019-08-10.
  78. Web site: AMD Zen 2 Microarchitecture Analysis: Ryzen 3000 and EPYC Rome. Cutress. Ian. www.anandtech.com. 2019-06-11.
  79. Web site: The Ice Lake Benchmark Preview: Inside Intel's 10nm. Cutress. Dr Ian. www.anandtech.com. 2019-08-01.
  80. Web site: Intel Core i9-9900K mit 8 Kernen und 5 GHz für Gamer. heise online. October 8, 2018 . de-DE. 2018-10-09.
  81. Intel. January 3, 2018. Branch Target Injection. 2024-03-06. Two mitigation techniques have been developed ...: indirect branch control mechanisms and a software approach called ... retpoline.
  82. Intel. May 21, 2018. Speculative Store Bypass. 2024-03-06. To minimize performance impact, we do not currently recommend setting SSBD for OSes, VMMs ....
  83. Web site: Spectre Returns! Speculation Attacks using the Return Stack Buffer . www.usenix.org . 2019-08-17.
  84. Book: ret2spec: Speculative Execution Using Return Stack Buffers . 2018 . 10.1145/3243734.3243761 . 1807.10364 . Maisuradze . Giorgi . Rossow . Christian . Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security . 2109–2122 . 2018arXiv180710364M . 9781450356930 . 51804116 .
  85. Web site: Processors Affected: L1 Terminal Fault. Intel. August 14, 2018. 2024-03-06. ... processors that have the RDCL_NO bit set to one (1) ... are not susceptible to the L1TF ....
  86. Web site: Processors Affected: Microarchitectural Data Sampling. Intel. May 14, 2019. 2024-03-07. ... MFBDS is mitigated if either the RDCL_NO or MDS_NO bit ... are set. ... All processors affected by MSBDS, MFBDS, or MLPDS are also affected by MDSUM for the relevant buffers..
  87. Intel. March 11, 2021. Disclosed May 14, 2019. Microarchitectural Data Sampling. 2024-03-07. VMMs that already ... mitigate L1TF may not need further changes ... a VERW may be needed to overwrite the store buffers ....
  88. Web site: Bitdefender SWAPGS Attack Mitigation Solutions. 2019-08-07. www.bitdefender.com.
  89. Web site: Documentation/admin-guide/hw-vuln/spectre.rst - chromiumos/third_party/kernel - Git at Google. 2019-08-07. chromium.googlesource.com. 2019-08-07. https://web.archive.org/web/20190807125636/https://chromium.googlesource.com/chromiumos/third_party/kernel/%2B/refs/tags/v4.19.65/Documentation/admin-guide/hw-vuln/spectre.rst. dead.
  90. News: Winder. Davey. August 6, 2019. Microsoft Confirms New Windows CPU Attack Vulnerability, Advises All Users To Update Now. Forbes. 2019-08-07.
  91. Web site: Shaun . Nichols. True to its name, Intel CPU flaw ZombieLoad comes shuffling back with new variant. 2019-11-12. www.theregister.co.uk. en.
  92. Web site: Cimpanu. Catalin. Intel's Cascade Lake CPUs impacted by new Zombieload v2 attack. 2019-11-12. ZDNet. en.
  93. Web site: Cyberus Technology: TSX Asynchronous Abort. 2019-11-12. www.cyberus-technology.de. en.
  94. Intel. November 12, 2019. Intel TSX Asynchronous Abort. 2024-03-12. ... TAA can be mitigated by either applying the MDS software mitigations or by selectively disabling Intel TSX ....
  95. Web site: CacheOut. 2020-01-29. cacheoutattack.com.
  96. Web site: MDS Attacks: Microarchitectural Data Sampling. 2020-01-27. mdsattacks.com.
  97. Web site: January 27, 2020. IPAS: INTEL-SA-00329. 2020-01-28. Technology@Intel. en-US.
  98. Web site: LVI: Hijacking Transient Execution with Load Value Injection. 2020-03-10. lviattack.eu.
  99. Web site: INTEL-SA-00334. 2020-03-10. Intel. en.
  100. Web site: Deep Dive: Load Value Injection. 2020-03-10. software.intel.com.
  101. Web site: Thomas . Claburn . You only LVI twice: Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling flaw will cost you 50%+ of performance. 2020-03-10. www.theregister.co.uk. en.
  102. Web site: CROSSTalk. 2020-06-09. VUSec. en-US.
  103. Intel. June 14, 2022. Disclosed June 9, 2020. Special Register Buffer Data Sampling. 2024-03-21. ... systems that have loaded the microcode ... are fully mitigated by default.
  104. Intel. June 8, 2021. Floating Point Value Injection. 2024-05-03. Managed runtimes impacted by FPVI ....
  105. AMD. June 8, 2021. Speculative Code Store Bypass and Floating-Point Value Injection. 2024-05-03.
  106. Intel. June 8, 2021. Speculative Code Store Bypass. 2024-05-03. For example, some JIT compilers inside web browsers ... may be impacted by SCSB.
  107. Intel. March 11, 2022. Disclosed March 8, 2022. Branch History Injection and Intra-mode Branch Target Injection. 2024-03-22. ... potential BHI attacks can be mitigated by adding LFENCE to specific identified gadgets ....
  108. Intel. June 14, 2022. Processor MMIO Stale Data Vulnerabilities. 2024-04-17. For processors ... where MD_CLEAR may not overwrite fill buffer values, Intel has released microcode updates ... so that VERW does overwrite fill buffer values. ...To mitigate this, the OS, VMM, or driver that reads the secret data can reduce the window in which that data remains vulnerable ... by performing an additional read of some non-secret data.
  109. AMD. AMD CPU Branch Type Confusion. July 12, 2022. 2024-03-25.
  110. Web site: Retbleed: Arbitrary Speculative Code Execution with Return Instructions – Computer Security Group . 2022-07-12 . en-US.
  111. Web site: INTEL-SA-00702 . 2022-07-13 . Intel . en.
  112. Web site: AMD, Intel chips vulnerable to 'Retbleed' Spectre variant . 2022-07-12 . www.theregister.com . en.
  113. Web site: Goodin . Dan . July 12, 2022 . New working speculative execution attack sends Intel and AMD scrambling . 2022-07-12 . Ars Technica . en-us.
  114. Web site: February 14, 2022 . Cross-Thread Return Address Predictions AMD . 2023-08-11.
  115. Web site: [FYI PATCH 0/3] Cross-Thread Return Address Predictions vulnerability [LWN.net] ]. 2023-02-14 . lwn.net.
  116. Web site: security-research/pocs/cpus/zenbleed at master · google/security-research . 2023-07-27 . GitHub . en.
  117. Web site: AMD: Information Leak in Zen 2 . 2023-07-27 . GitHub . en.
  118. Web site: Cross-Process Information Leak . 2023-07-27 . AMD.
  119. Web site: Inception: how a simple XOR can cause a Microarchitectural Stack Overflow . 2023-09-15 . Computer Security Group . en-US.
  120. Web site: oss-security - Xen Security Advisory 434 v1 (CVE-2023-20569) - x86/AMD: Speculative Return Stack Overflow . 2023-09-15 . www.openwall.com.
  121. Web site: Downfall . 2023-08-09 . Downfall Attacks . en-US.
  122. Web site: Downfall and Zenbleed: Googlers helping secure the ecosystem . 2023-08-09 . Google Online Security Blog . en.
  123. Web site: Gather Data Sampling . 2023-08-09 . Intel . en.
  124. Web site: INTEL-SA-00088. Intel. en. 2018-09-01.
  125. Web site: INTEL-SA-00115. Intel. en. 2018-09-01.
  126. Web site: Meltdown and Spectre Status Page. 2019-09-29. wiki.netbsd.org.
  127. Web site: Ltd. Arm. Speculative Processor Vulnerability Cache Speculation Issues Update. 2019-09-29. ARM Developer. en.
  128. Web site: About speculative execution vulnerabilities in ARM-based and Intel CPUs. 2019-09-29. Apple Support. May 31, 2018 . en.
  129. Web site: May 14, 2019. Potential Impact on Processors in the POWER Family. 2019-09-29. IBM PSIRT Blog. en-US.