
CAPEC-696: Load Value Injection

Abstraction: Detailed
Status: Draft
Likelihood: Low
Severity: Very High

Description

An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution in which a faulting or assisted load instruction transiently forwards adversary-controlled data from microarchitectural buffers. By inducing a page fault or microcode assist during victim execution, an adversary can force legitimate victim execution to operate on the adversary-controlled data which is stored in the microarchitectural buffers. The adversary can then use existing code gadgets and side channel analysis to discover victim secrets that have not yet been flushed from microarchitectural state or hijack the system control flow.

Related weaknesses (1)

CWE-1342

Related attack patterns (1)

CAPEC-663 (ChildOf)

Exploits (1)

Type | Target | Confidence | Tier
Weakness | Information Exposure through Microarchitectural State after Transient Execution (cwe-1342) | 100% | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Exploitation of Transient Instruction Execution
CAPEC: Hardware Fault Injection
CAPEC: Infected Memory
CAPEC: Code Injection
CAPEC: Overflow Buffers
CAPEC: Data Injected During Configuration

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.