目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CWE-1420 类漏洞列表 3

CWE-1420 类弱点 3 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-1420 属于瞬态执行漏洞,源于处理器预测错误导致未提交的操作泄露敏感数据。攻击者利用侧信道(如缓存时序)窃取这些瞬态执行产生的中间状态信息。开发者需通过硬件微码更新、软件屏障指令及隔离关键数据区域来缓解风险,确保瞬态操作不泄露机密信息,从而保障系统安全。

MITRE CWE 官方描述
CWE:CWE-1420 瞬态执行期间敏感信息泄露 英文:处理器事件或预测可能导致错误的操作(或带有错误数据的正确操作)在瞬态执行,从而可能通过隐蔽信道泄露数据。 当操作执行但未提交至处理器的架构状态时,这通常被称为瞬态执行。这种行为可能发生在处理器错误预测结果(例如分支目标)时,或者在处理处理器事件(例如异常或微码辅助等)时,而较年轻的操作已经执行完毕。瞬态执行的操作可能在隐蔽信道(如数据缓存)中表现出可观察的差异(CWE-203)[REF-1400]。此类可观察的差异可以通过时序分析或功耗分析技术进行检测和分析,从而使攻击者能够推断出关于瞬态执行操作的信息。例如,攻击者可能能够推断出那些操作访问或使用的机密数据。瞬态执行弱点可以通过两种方法之一被利用。在第一种方法中,攻击者生成一段代码序列,当该序列瞬态执行时,会通过隐蔽信道暴露数据(攻击者还必须能够触发瞬态执行)。一些瞬态执行弱点只能暴露攻击者处理器上下文中可访问的数据。例如,在软件沙箱中执行代码的攻击者可能能够利用瞬态执行弱点来暴露同一地址空间内但位于攻击者沙箱之外的数据。其他瞬态执行弱点可以暴露架构上不可访问的数据,即受硬件强制执行边界(如页表或特权环)保护的数据。这些弱点是 CWE-1421 的主题。在第二种利用方法中,攻击者首先识别受害者程序中的一段代码序列,当该序列瞬态执行时,可以暴露受害者处理器上下文中架构上可访问的数据。例如,攻击者可能在受害者程序中搜索类似于边界检查绕过序列的代码序列(参见演示示例 1)。如果攻击者能够触发条件分支的错误预测并影响越界数组访问的索引,那么攻击者可能能够通过监控隐蔽信道中的可观察差异来推断越界数据的值。
常见影响 (1)
ConfidentialityRead Memory
缓解措施 (5)
Architecture and DesignThe hardware designer can attempt to prevent transient execution from causing observable discrepancies in specific covert channels.
Effectiveness: Limited
RequirementsProcessor designers may expose instructions or other architectural features that allow software to mitigate the effects of transient execution, but without disabling predictors. These features may also help to limit opportunities for data exposure.
Effectiveness: Moderate
RequirementsProcessor designers may expose registers (for example, control registers or model-specific registers) that allow privileged and/or user software to disable specific predictors or other hardware features that can cause confidential data to be exposed during transient execution.
Effectiveness: Limited
RequirementsProcessor designers, system software vendors, or other agents may choose to restrict the ability of unprivileged software to access to high-resolution timers that are commonly used to monitor covert channels.
Effectiveness: Defense in Depth
Build and CompilationIsolate sandboxes or managed runtimes in separate address spaces (separate processes). For examples, see [REF-1421].
Effectiveness: High
代码示例 (2)
Secure programs perform bounds checking before accessing an array if the source of the array index is provided by an untrusted source such as user input. In the code below, data from array1 will not be accessed if x is out of bounds. The following code snippet is from [REF-1415]:
if (x < array1_size) y = array2[array1[x] * 4096];
Bad · C
Some managed runtimes or just-in-time (JIT) compilers may overwrite recently executed code with new code. When the instruction pointer enters the new code, the processor may inadvertently execute the stale code that had been overwritten. This can happen, for instance, when the processor issues a store that overwrites a sequence of code, but the processor fetches and executes the (stale) code befor…
CVE ID标题CVSS风险等级Published
CVE-2025-54505 AMD CPU 安全漏洞 — AMD EPYC™ 7001 Series Processors 5.5AIMediumAI2026-04-27
CVE-2024-36348 AMD Processors 安全漏洞 — AMD EPYC™ 7002 Series Processors 3.8 Low2025-07-08
CVE-2024-36349 AMD Processors 安全漏洞 — AMD EPYC™ 7002 Series Processors 3.8 Low2025-07-08

CWE-1420 是常见的弱点类别,本平台收录该类弱点关联的 3 条 CVE 漏洞。