Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1420 — Vulnerability Class 3

3 vulnerabilities classified as CWE-1420. AI Chinese analysis included.

CWE-1420 represents a critical architectural weakness where speculative or transient execution exposes sensitive data through covert channels. This vulnerability arises when processors execute instructions based on mispredicted branches or speculative paths that are later discarded, leaving residual data in caches or buffers accessible to malicious actors. Attackers typically exploit this by crafting specific input sequences to trigger speculative execution, then using side-channel techniques like cache timing attacks to infer the transiently processed secret information. To mitigate this risk, developers must implement robust software mitigations such as compiler barriers, explicit cache flushes, and constant-time coding practices that prevent data-dependent branching. Additionally, relying on hardware-level fixes provided by processor manufacturers and ensuring systems are updated with the latest microcode patches is essential for closing these transient execution loopholes and protecting confidential data integrity.

MITRE CWE Description
A processor event or prediction may allow incorrect operations (or correct operations with incorrect data) to execute transiently, potentially exposing data over a covert channel. When operations execute but do not commit to the processor's architectural state, this is commonly referred to as transient execution. This behavior can occur when the processor mis-predicts an outcome (such as a branch target), or when a processor event (such as an exception or microcode assist, etc.) is handled after younger operations have already executed. Operations that execute transiently may exhibit observable discrepancies (CWE-203) in covert channels [REF-1400] such as data caches. Observable discrepancies of this kind can be detected and analyzed using timing or power analysis techniques, which may allow an attacker to infer information about the operations that executed transiently. For example, the attacker may be able to infer confidential data that was accessed or used by those operations. Transient execution weaknesses may be exploited using one of two methods. In the first method, the attacker generates a code sequence that exposes data through a covert channel when it is executed transiently (the attacker must also be able to trigger transient execution). Some transient execution weaknesses can only expose data that is accessible within the attacker's processor context. For example, an attack…
Common Consequences (1)
ConfidentialityRead Memory
Mitigations (5)
Architecture and DesignThe hardware designer can attempt to prevent transient execution from causing observable discrepancies in specific covert channels.
Effectiveness: Limited
RequirementsProcessor designers may expose instructions or other architectural features that allow software to mitigate the effects of transient execution, but without disabling predictors. These features may also help to limit opportunities for data exposure.
Effectiveness: Moderate
RequirementsProcessor designers may expose registers (for example, control registers or model-specific registers) that allow privileged and/or user software to disable specific predictors or other hardware features that can cause confidential data to be exposed during transient execution.
Effectiveness: Limited
RequirementsProcessor designers, system software vendors, or other agents may choose to restrict the ability of unprivileged software to access to high-resolution timers that are commonly used to monitor covert channels.
Effectiveness: Defense in Depth
Build and CompilationIsolate sandboxes or managed runtimes in separate address spaces (separate processes). For examples, see [REF-1421].
Effectiveness: High
Examples (2)
Secure programs perform bounds checking before accessing an array if the source of the array index is provided by an untrusted source such as user input. In the code below, data from array1 will not be accessed if x is out of bounds. The following code snippet is from [REF-1415]:
if (x < array1_size) y = array2[array1[x] * 4096];
Bad · C
Some managed runtimes or just-in-time (JIT) compilers may overwrite recently executed code with new code. When the instruction pointer enters the new code, the processor may inadvertently execute the stale code that had been overwritten. This can happen, for instance, when the processor issues a store that overwrites a sequence of code, but the processor fetches and executes the (stale) code befor…
CVE IDTitleCVSSSeverityPublished
CVE-2025-54505 AMD CPU 安全漏洞 — AMD EPYC™ 7001 Series Processors 5.5AIMediumAI2026-04-27
CVE-2024-36348 AMD Processors 安全漏洞 — AMD EPYC™ 7002 Series Processors 3.8 Low2025-07-08
CVE-2024-36349 AMD Processors 安全漏洞 — AMD EPYC™ 7002 Series Processors 3.8 Low2025-07-08

Vulnerabilities classified as CWE-1420 represent 3 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.