CWE-1342: Information Exposure through Microarchitectural State after Transient Execution
The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.
Last updated
Overview
In many processor architectures an exception, mis-speculation, or microcode assist results in a flush operation to clear results that are no longer required. This action prevents these results from influencing architectural state that is intended to be visible from software. However, traces of this transient execution may remain in microarchitectural buffers, resulting in a change in microarchitectural state that can expose sensitive information to an attacker using side-channel analysis. For example, Load Value Injection (LVI) [REF-1202] can exploit direct injection of erroneous values into intermediate load and store buffers. Several conditions may need to be fulfilled for a successful attack: incorrect transient execution that results in remanence of sensitive information; attacker has the ability to provoke microarchitectural exceptions; operations and structures in victim code that can be exploited must be identified.
Real-world CVEs
2 recorded CVEs are caused by CWE-1342 (Information Exposure through Microarchitectural State after Transient Execution). The highest-severity and most recent are shown first.
Common consequences
What can happen when CWE-1342 is exploited.
Modify Memory, Read Memory, Execute Unauthorized Code or Commands
Affects: Confidentiality, Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
Architectures
How to prevent it
Practical mitigations for CWE-1342, grouped by where in the lifecycle they apply.
Hardware ensures that no illegal data flows from faulting micro-ops exists at the microarchitectural level.
Effectiveness: High — Being implemented in silicon it is expected to fully address the known weaknesses with limited performance impact.
Include instructions that explicitly remove traces of unneeded computations from software interactions with microarchitectural elements e.g. lfence, sfence, mfence, clflush.
Effectiveness: High — This effectively forces the processor to complete each memory access before moving on to the next operation. This may have a large performance impact.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
Faulting loads in a victim domain may trigger incorrect transient forwarding, which leaves secret-dependent traces in the microarchitectural state. Consider this example from [REF-1203].
Vulnerable example
void call_victim(size_t untrusted_arg) {Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2020-0551 — Load value injection in some processors utilizing speculative execution may allow an authenticated user to enable information disclosure via a side-channel with local access.
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1342.
- What is CWE-1342?
- The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.
- What CVEs are caused by CWE-1342?
- 2 recorded CVEs are attributed to CWE-1342, including CVE-2023-28746, CVE-2022-40982.
- How do you prevent CWE-1342?
- Hardware ensures that no illegal data flows from faulting micro-ops exists at the microarchitectural level.
- What are the consequences of CWE-1342?
- Exploiting CWE-1342 can lead to: Modify Memory, Read Memory, Execute Unauthorized Code or Commands.
- Is CWE-1342 actively exploited?
- 2 recorded CVEs are caused by CWE-1342; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1342) (opens in a new tab)
- CWE-1342 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1342
Get alerted the moment a new CWE-1342 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.