• Created by user-9a25e, last modified on 2018-06-14

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Overview

Modern CPUs have speculative execution capabilities, which improves processor performance. Depending on the design and architecture of the CPU, speculative execution can introduce side-channel-attack vulnerabilities.

Known Vulnerabilities

CVEAliasesCPUs AffectedSpeculative TriggerImpactMitigationsReferences
CVE-2017-5754MeltdownIntelOut-of-order executionKernel memory disclosure to userspaceOShttps://www.kb.cert.org/vuls/id/584653
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
CVE-2017-5753Spectre V1Intel
ARM		Branch prediction bounds check bypassCross- and intra-process (including kernel) memory disclosureOS
Compiler
Browser		https://www.kb.cert.org/vuls/id/584653
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
CVE-2017-5715Spectre V2Intel
AMD
ARM		Branch target injectionCross- and intra-process (including kernel) memory disclosureMicrocodehttps://www.kb.cert.org/vuls/id/584653
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
https://www.amd.com/en/corporate/security-updates
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
CVE-2018-3640Spectre V3a (RSRE)Intel
ARM		System register readCross- and intra-process (including kernel) memory disclosureMicrocodehttps://www.kb.cert.org/vuls/id/180049
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
CVE-2018-3639Spectre V4 (SSB)Intel
AMD
ARM

Memory reads before prior memory write addresses knownCross- and intra-process (including kernel) memory disclosureOS
Microcode		https://www.kb.cert.org/vuls/id/180049
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://www.amd.com/en/corporate/security-updates
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
CVE-2018-3665Lazy FPIntelLazy FPU state restoreLeak of FPU stateOShttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
  • No labels