Standard · Likelihood: Low · Severity: Very High · Stable

CAPEC-663: Exploitation of Transient Instruction Execution

Abstraction: Standard
Status: Stable
Likelihood: Low
Severity: Very High

Description

An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access control over restricted resources. Typically, the adversary conducts a covert channel attack to target non-discarded microarchitectural changes caused by transient executions such as speculative execution, branch prediction, instruction pipelining, and/or out-of-order execution. The transient execution results in a series of instructions (gadgets) that construct a covert channel and access/transfer the secret data.

Related weaknesses · 3

CWE-1037, CWE-1303, CWE-1264

Related attack patterns · 6

CAPEC-74 (ChildOf), CAPEC-184 (ChildOf), CAPEC-141 (CanPrecede), CAPEC-212 (PeerOf), CAPEC-124 (PeerOf), CAPEC-180 (PeerOf)

Exploits · 3

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Non-Transparent Sharing of Microarchitectural Resources (cwe-1303) | 100% | live |
| Weakness | Processor Optimization Removal or Modification of Security-critical Code (cwe-1037) | 100% | live |
| Weakness | Hardware Logic with Insecure De-Synchronization between Control and Data Channels (cwe-1264) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Load Value Injection
CWE: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution
CAPEC: Exploitation of Improperly Controlled Registers
CWE: Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
CWE: Exposure of Sensitive Information during Transient Execution
CWE: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.