CAPEC-696: Load Value Injection

An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution in which a faulting or assisted load instruction transiently forwards adversary-controlled data from microarchitectural buffers. By inducing a page fault or microcode assist during victim execution, an adversary can force legitimate victim execution to operate on the adversary-controlled data which is stored in the microarchitectural buffers. The adversary can then use existing code gadgets and side channel analysis to discover victim secrets that have not yet been flushed from microarchitectural state or hijack the system control flow.

Very High

Typical severity

Per MITRE

Low

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

CAPEC-696: Load Value Injection

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

How to detect it

Frequently asked questions

What is CAPEC-696?

How does a Load Value Injection attack work?

How do you prevent CAPEC-696?

What weaknesses does CAPEC-696 target?

How severe is CAPEC-696?

References

Defend against CAPEC-696