
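CWE-1422 vulnerability list (1)

Summary of the 1 CVE classified under weakness CWE-1422, with AI analysis in Chinese.

CWE-1422 is a weakness involving incorrect data forwarding during transient execution. An attacker exploits the processor's prediction mechanisms to induce incorrect data to enter transient operations, then covertly exfiltrates sensitive information through a side channel. Developers should ensure that data is correctly cleared or isolated during transient execution, avoid forwarding unprocessed or stale state to subsequent operations, and adopt memory-safety mechanisms to prevent sensitive data from leaking, thereby effectively mitigating this class of risk.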

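MITRE CWE official description
CWE: CWE-1422 Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
Description: A processor event or prediction may allow incorrect or stale data to be forwarded to transient operations, potentially exposing data over a covert channel.

Software may use a variety of techniques to preserve the confidentiality of private data that is accessible within the current processor context. For example, the memory safety and type safety properties of some high-level programming languages help to prevent software written in those languages from exposing private data. As a second example, software sandboxes may co-locate multiple users' software within a single process. The processor's Instruction Set Architecture (ISA) may permit one user's software to access another user's data (because the software shares the same address space), but the sandbox prevents these accesses by using software techniques such as bounds checking.

If incorrect or stale data (for example, from a cache) can be forwarded to transient operations, then the microarchitectural side effects of those operations may correspond to that data. If an attacker can trigger these transient operations and observe their side effects through a covert channel, then the attacker may be able to infer the data. For example, an attacker process may induce transient execution in a victim process, causing the victim to inadvertently access its private data and expose it through a covert channel. In the software sandbox example, an attacker sandbox may induce transient execution in its own code, allowing it to transiently access and expose data in a victim sandbox that shares the same address space.

Consequently, weaknesses that arise from incorrect or stale data forwarding might violate users' expectations of software-based memory safety and isolation techniques. If the hardware vendor does not properly document the data forwarding behavior, this might violate the software vendor's expectation of how the hardware should behave.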
Common consequences (1)
Confidentiality: Read Memory
Mitigations (5)
Architecture and Design: The hardware designer can attempt to prevent transient execution from causing observable discrepancies in specific covert channels.
Effectiveness: Limited
Requirements: Processor designers, system software vendors, or other agents may choose to restrict the ability of unprivileged software to access high-resolution timers that are commonly used to monitor covert channels.
Effectiveness: Defense in Depth
Requirements: Processor designers may expose instructions or other architectural features that allow software to mitigate the effects of transient execution, but without disabling predictors. These features may also help to limit opportunities for data exposure.
Effectiveness: Moderate
Requirements: Processor designers may expose registers (for example, control registers or model-specific registers) that allow privileged and/or user software to disable specific predictors or other hardware features that can cause confidential data to be exposed during transient execution.
Effectiveness: Limited
Build and Compilation: Use software techniques (including the use of serialization instructions) that are intended to reduce the number of instructions that can be executed transiently after a processor event or misprediction.
Effectiveness: Incidental
Code examples (2)
Faulting loads in a victim domain may trigger incorrect transient forwarding, which leaves secret-dependent traces in the microarchitectural state. Consider this code sequence example from [REF-1391].
void call_victim(size_t untrusted_arg) {
    *arg_copy = untrusted_arg;
    array[**trusted_ptr * 4096];
}
Bad · C
Some processors try to predict when a store will forward data to a subsequent load, even when the address of the store or the load is not yet known. For example, on Intel processors this feature is called a Fast Store Forwarding Predictor [REF-1392], and on AMD processors the feature is called Predictive Store Forwarding [REF-1393]. A misprediction can cause incorrect or stale …
void fn(int idx) {
    unsigned char v;
    idx_array[0] = 4096;
    v = array[idx_array[idx] * (idx)];
}
Bad · C
CVE ID | Title | CVSS | Risk level | Published
CVE-2024-7881 | ARM CPU security vulnerability — Neoverse V2 | 7.5 | - | 2025-01-28

CWE-1422 is a common weakness category; this platform lists 1 CVE associated with it.