Public |
CVE |
Alias(es) |
CPU Vendors Affected |
Speculative Trigger |
Impact |
Mitigations |
References |
Jan 3, 2018 |
CVE-2017-5753 |
Spectre V1 NetSpectre
(network attack vector) Spectre-PHT |
Intel ARM IBM |
Branch prediction bounds check bypass |
Cross- and intra-process (including kernel) memo=
ry disclosure |
OS Compiler Browser |
https://www.kb.cert.org/vuls=
/id/584653 https://www.intel.com/con=
tent/www/us/en/architecture-and-technology/facts-about-side-channel-analysi=
s-and-intel-products.html https://developer.arm.com/support/arm-securit=
y-updates/speculative-processor-vulnerability https://www.ibm.com/blogs/psirt/potential-=
impact-processors-power-family/ |
Jan 3, 2018 |
CVE-2017-5715 |
Spectre V2 Spectre-BTB |
Intel AMD ARM IBM |
Branch target injection |
Cross- and intra-process (including kernel) memo=
ry disclosure |
Microcode |
https://www.kb.cert.org/vuls=
/id/584653 https://www.intel.com/con=
tent/www/us/en/architecture-and-technology/facts-about-side-channel-analysi=
s-and-intel-products.html https://www=
.amd.com/en/corporate/security-updates https://developer.arm.com/suppor=
t/arm-security-updates/speculative-processor-vulnerability https://www.ibm.com/blogs/psi=
rt/potential-impact-processors-power-family/ |
Jan 3, 2018 |
CVE-2017-5754 |
Spectre V3 Meltdown =
Meltdown-US |
Intel IBM |
Out-of-order execution |
Kernel mem=
ory disclosure to userspace |
OS |
https://www.kb.cert.org/vuls=
/id/584653 https://www.intel.com/con=
tent/www/us/en/architecture-and-technology/facts-about-side-channel-analysi=
s-and-intel-products.html https://www.ibm.com/blogs/psirt/potential-impact-processors-p=
ower-family/ |
May 21, 2018 |
CVE-2018-3640 |
Spectre V3a (RSRE) Meltdown-GP |
Intel ARM
|
System register read |
Disclosure of system register values |
Microcode |
https://www.kb.cert.org/vuls=
/id/180049 https://www.intel.com/content/www/us/en/security-center/advisory/i=
ntel-sa-00115.html https://developer.arm.com/support/arm-security-updat=
es/speculative-processor-vulnerability |
May 21, 2018 |
CVE-2018-3639 |
Spectre V4 (SSB) Spe=
ctre-STL |
Intel AMD ARM IBM |
Memory reads before prior memory write addresses=
known |
Cross- and intra-process (including kernel=
) memory disclosure |
Microcode
OS
|
https://www.kb.cert.org/vuls=
/id/180049 https://www.intel.com/content/www/us/en/security-center/advisory/i=
ntel-sa-00115.html https://www.amd.co=
m/en/corporate/security-updates https://developer.arm.com/support/arm-s=
ecurity-updates/speculative-processor-vulnerability https://www.ibm.com/blogs/psirt/pote=
ntial-impact-processors-power-family/ |
Jun 13, 2018 |
CVE-2018-3665 |
Lazy FP Meltdown-NM
| Intel |
Lazy FPU state restore |
Leak of FPU state |
OS |
https://www.intel.com/content/www/us/en/security-center/advi=
sory/intel-sa-00145.html |
July 10, 2018 |
CVE-2018-3693 |
Spectre1.1 Spectre-PHT |
Intel |
Bounds check bypass store |
Speculative buffer overflow Cross- and =
intra-process (including kernel) memory disclosure |
OS |
https://01.org/s=
ecurity/advisories/intel-oss-10002 https://arxiv.org/a=
bs/1807.03757 |
July 10, 2018 |
N/A |
Spectre1.2 Meltdown-RW =
|
Intel |
Read-only protection bypass |
Overwrite read-only data and pointers C=
ross- and intra-process (including kernel) memory disclosure |
OS |
https://01.org/s=
ecurity/advisories/intel-oss-10002 https://arxiv.org/a=
bs/1807.03757 |
August 14, 2018 |
CVE-2018-3615 |
L1 Terminal Fault: SGX Foreshadow-SGX=
p> Meltdown-P |
Intel |
Transient out-of-order execution |
SGX enclave memory disclosure |
Microcode TCB Recovery |
https://www.kb.cert.org/vuls=
/id/982149 https://www.intel.com/content/www/us/en/security-center/advisory/i=
ntel-sa-00161.html https://foreshadowattack.eu/ =
https://foreshadowattack.eu/foreshadow.pdf |
August 14, 2018 |
CVE-2018-3620 |
L1 Terminal Fault: OS/SMM Foreshadow-OS=
Foreshadow-NG Meltdown-P |
Intel IBM |
Transient out-of-order execution
| OS or SMM memory disclosure |
Microcode OS |
https://www.kb.cert.org/vuls=
/id/982149 https://www.intel.com/content/www/us/en/security-center/advisory/i=
ntel-sa-00161.html https://www.ibm.com/blogs/psirt/potential-impact-processors-power-fam=
ily/ https://foreshadowattack.eu/ https://foreshadowattack.eu/foreshadow-NG.pdf |
August 14, 2018 |
CVE-2018-3646 |
L1 Terminal Fault: VMM Foreshadow-VMM=
p> Foreshadow-NG Meltdown-P |
Intel IBM |
Transient out-of-order execution
| Virtual Machine Monitor (VMM) memory disclosure<=
/td>
| Microcode OS |
https://www.kb.cert.org/vuls=
/id/982149 https://www.intel.com/content/www/us/en/security-center/advisory/i=
ntel-sa-00161.html https://www.ibm.com/blogs/psirt/potential-impact-processors-power-fam=
ily/ https://foreshadowattack.eu/ https://foreshadowattack.eu/foreshadow-NG.pdf |
November 13, 2018 |
|
Spectre-PHT-CA-OP |
Intel ARM AMD |
Pattern History Table |
|
|
https://arxiv.org/abs/1811.05441<=
/td>
|
November 13, 2018 |
|
Spectre-PHT-CA-IP |
Intel ARM AMD |
Pattern History Table |
|
|
https://arxiv.org/abs/1811.05441<=
/td>
|
November 13, 2018 |
|
Spectre-PHT-SA-OP |
Intel ARM AMD |
Pattern History Table |
|
|
https://arxiv.org/abs/1811.05441<=
/td>
|
November 13, 2018 |
|
Spectre-BTB-SA-IP |
Intel ARM AMD |
Branch Target Buffer |
|
|
https://arxiv.org/abs/1811.05441<=
/td>
|
November 13, 2018 |
|
Spectre-BTB-SA-OP |
Intel |
Branch Target Buffer |
|
|
https://arxiv.org/abs/1811.05441<=
/td>
|
November 13, 2018 |
|
Meltdown-PK |
Intel |
Protection Keys |
|
|
https://arxiv.org/abs/1811.05441<=
/td>
|
November 13, 2018 |
|
Meltdown-BND |
Intel AMD |
Bound instruction |
|
|
https://arxiv.org/abs/1811.05441<=
/td>
|
May 14, 2019 |
CVE-2019-11091 |
Zombieload MDSUM |
Intel |
Transient out-of-order execution |
Cross- and intra-process (including kernel) memo=
ry disclosure |
Microcode OS/Hypervisor |
https://zombieloadattac=
k.com/zombieload.pdf https://www.intel.com/content/www/us/en/security-center/=
advisory/intel-sa-00233.html https://software.intel.com/s=
ecurity-software-guidance/software-guidance/microarchitectural-data-samplin=
g https://software.intel.com/security-sof=
tware-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sa=
mpling https://support.google.com/faqs/a=
nswer/9330250 https://www.chromium.=
org/Home/chromium-security/mds https://aws.amazon.com/security/security-bulletins/AWS-2019-004/=
a> https://por=
tal.msrc.microsoft.com/en-us/security-guidance/advisory/adv190013 https://xenbits.xen.org/xsa/advisory-297.html<=
/p> https://support.apple.com/en-us/HT210107 https://access.redhat.com/security/vuln=
erabilities/mds https://wiki.ubu=
ntu.com/SecurityTeam/KnowledgeBase/MDS |
May 14, 2019 |
CVE-2018-12127 CVE-2=
018-12130 |
RIDL MLPDS MFBDS
|
Intel |
LFB and load port |
Cross- and intra-process (including kernel) memo=
ry disclosure |
Microcode OS/Hypervisor |
https://mdsattacks.com/files/=
ridl.pdf https://www.intel.com/content/www/us/en/security-center/advisory/int=
el-sa-00233.html https://software.intel.com/security-sof=
tware-guidance/software-guidance/microarchitectural-data-sampling https://software.intel.com/security-software-guida=
nce/insights/deep-dive-intel-analysis-microarchitectural-data-sampling<=
/p> https://www.bitdefender.com/files/News/CaseStudies/study/257/Bitdefe=
nder-Whitepaper-YAM-en-EN.pdf https://su=
pport.google.com/faqs/answer/9330250 https://www.chromium.org/Home/chromium-security/mds https://aws.amazon.com/security/security-bu=
lletins/AWS-2019-004/ https://portal.msrc.microsoft.com/en-us/security-guidance/adv=
isory/adv190013 https://xenbits.xen.org/x=
sa/advisory-297.html https://support.apple.com=
/en-us/HT210107 https://access.r=
edhat.com/security/vulnerabilities/mds https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS |
May 14, 2019 |
CVE-2018-12126 |
Fallout MSBDS |
Intel |
Store Buffer and WTF optimization |
Cross- and intra-process (including kernel) memo=
ry disclosure |
Microcode OS/Hypervisor |
https://mdsattacks.com/fil=
es/fallout.pdf https://www.intel.com/content/www/us/en/security-center/advis=
ory/intel-sa-00233.html https://software.intel.com/securi=
ty-software-guidance/software-guidance/microarchitectural-data-sampling=
https://software.intel.com/security-software=
-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-samplin=
g https://support.google.com/faqs/answer=
/9330250 https://www.chromium.org/H=
ome/chromium-security/mds https://aws.amazon.com/security/security-bulletins/AWS-2019-004/ https://portal.m=
src.microsoft.com/en-us/security-guidance/advisory/adv190013 https://xenbits.xen.org/xsa/advisory-297.html https://support.apple.com/en-us/HT210107 https://access.redhat.com/security/vulnerabili=
ties/mds https://wiki.ubuntu.com=
/SecurityTeam/KnowledgeBase/MDS |
November 12, 2019 |
CVE-2019-11135 |
TAA |
Intel |
TSX Asynchronous Abort |
Cross- and intra-process (including kernel) memo=
ry disclosure |
Microcode |
https://www.intel.com/content/www/us/en/security-center/a=
dvisory/intel-sa-00270.html https://software.intel.com/security-software-guidance/insigh=
ts/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-async=
hronous-abort |
January 27, 2020 |
CVE-2020-0548 |
VRS |
Intel |
Vector Register Sampling |
Cross- and intra-process (including kernel=
) memory disclosure |
Microcode |
htt=
ps://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/ http=
s://software.intel.com/security-software-guidance/software-guidance/vector-=
register-sampling https://software.intel.com/security-=
software-guidance/insights/processors-affected-vector-register-sampling=
|
January 27, 2020 |
CVE-2020-0549 |
CacheOut L1DES |
Intel |
L1D Eviction Sampling |
Cross- and intra-process (including kernel=
) memory disclosure |
Microcode |
htt=
ps://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/ https:/=
/software.intel.com/security-software-guidance/software-guidance/l1d-evicti=
on-sampling https://software.intel.com/security-software-=
guidance/insights/processors-affected-l1d-eviction-sampling |
March 6, 2020 |
|
L1D Collide+Probe |
AMD |
L1D cache way predictor =C2=B5Tag collisions |
Cross- and intra-process (including kernel=
) memory disclosure |
OS/Hypervisor |
https://mlq.me/download/takeaw=
ay.pdf https://www.amd.com/en/corpora=
te/product-security |
March 6, 2020 |
|
L1D Load+Reload |
AMD |
L1D cache way predictor for aliased addresses
| Cross- and intra-process (including kernel=
) memory disclosure |
OS/Hypervisor |
https://mlq.me/download/takeaw=
ay.pdf https://www.amd.com/en/corpora=
te/product-security |
March 10, 2020 |
CVE-2020-0551 |
LVI |
Intel |
Load Value Injection |
SGX enclave memory disclosure |
TCB Recovery |
https://lviattack.eu/ https://www.intel.com/con=
tent/www/us/en/security-center/advisory/intel-sa-00334.html |
March 14, 2024 |
|
GhostRace |
AMD, Intel, Linux, Xen |
Race condition on a transiently executed path originating from a m=
is-speculated branch |
Speculative Race Condition (SRC) vulnerability |
Linux Kernel patch, Xen Virutalization Patch, AM=
D OS and Virtlaization API changes recommended. |
https://kb.cert.org/vuls/id/4889=
02 https://xenbits.xen.org/xsa/advisory-4=
53.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.h=
tml
|