@tenpoku1000
Last active April 29, 2024 05:31
Speculative Execution Side-Channel Hardware Vulnerabilities

Updated 2024/04/29

Affected Processors

Affected Processors: Transient Execution Attacks & Related Security...
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

Software Security Guidance

Software Security Guidance from Intel
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/overview.html

Guidance for System Administrators

Guidance for System Administrators to Mitigate Transient Execution...
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/sysadmin-guidance-transient-execution-side-channel.html

Secure Coding

Loading Microcode from the OS
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/loading-microcode-os.html

Security Best Practices for Side Channel Resistance
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/security-best-practices-side-channel-resistance.html

Guidelines for Mitigating Timing Side Channels Against Cryptographic...
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/mitigate-timing-side-channel-crypto-implementation.html

How to Assess the Risk of Your Application
https://www.intel.com/content/www/us/en/developer/articles/training/software-security-guidance/secure-coding/how-assess-risk-your-application.html

CPUID/MSR Added as Vulnerability Mitigations

CPUID Enumeration and Architectural MSRs
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/cpuid-enumeration-and-architectural-msrs.html

Indirect Branch Restricted Speculation
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/indirect-branch-restricted-speculation.html

Single Thread Indirect Branch Predictors
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/single-thread-indirect-branch-predictors.html

Indirect Branch Predictor Barrier
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/indirect-branch-predictor-barrier.html

(1) CVE-2017-5753 Variant 1 Spectre v1: Bounds Check Bypass

Analyzing Potential Bounds Check Bypass Vulnerabilities
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/analyzing-bounds-check-bypass-vulnerabilities.html

Spectre mitigations in MSVC - C++ Team Blog
https://devblogs.microsoft.com/cppblog/spectre-mitigations-in-msvc/

(2) CVE-2017-5715 Variant 2 Spectre v2: Branch Target Injection

Mitigating Spectre variant 2 with Retpoline on Windows - Microsoft Community Hub
https://techcommunity.microsoft.com/t5/windows-os-platform-blog/mitigating-spectre-variant-2-with-retpoline-on-windows/ba-p/295618

Retpoline: A Branch Target Injection Mitigation
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/retpoline-branch-target-injection-mitigation.html

(3) CVE-2017-5754 Variant 3 Meltdown: Rogue Data Cache Load

Meltdown (security vulnerability) - Wikipedia
https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)

Kernel page-table isolation - Wikipedia
https://en.wikipedia.org/wiki/Kernel_page-table_isolation

KVA Shadow: Mitigating Meltdown on Windows | MSRC Blog | Microsoft Security Response Center
https://msrc.microsoft.com/blog/2018/03/kva-shadow-mitigating-meltdown-on-windows/

(3a) CVE-2018-3640 Variant 3a Spectre-NG v3a: Rogue System Register Read

Rogue System Register Read / CVE-2018-3640 / INTEL-SA-00115
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/rogue-system-register-read.html

(4) CVE-2018-3639 Variant 4 Spectre-NG v4: Speculative Store Bypass

Speculative Store Bypass / CVE-2018-3639 / INTEL-SA-00115
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/speculative-store-bypass.html

Analysis and mitigation of speculative store bypass (CVE-2018-3639) | MSRC Blog | Microsoft Security Response Center
https://msrc.microsoft.com/blog/2018/05/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/

(5) CVE-2018-3615 Foreshadow, CVE-2018-3620 Foreshadow-OS, CVE-2018-3646 Foreshadow-VMM: L1 Terminal Fault (L1TF)

Foreshadow - Wikipedia
https://en.wikipedia.org/wiki/Foreshadow

L1 Terminal Fault
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/intel-analysis-l1-terminal-fault.html

(6) CVE-2018-12126 Fallout (MSBDS), CVE-2018-12127 RIDL (MLPDS), CVE-2018-12130 RIDL/ZombieLoad (MFBDS), CVE-2019-11091 RIDL (MDSUM): Microarchitectural Data Sampling

Microarchitectural Data Sampling - Wikipedia
https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling

Microarchitectural Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/intel-analysis-microarchitectural-data-sampling.html

(7) CVE-2019-11135 RIDL/ZombieLoad v2: Transactional Asynchronous Abort (TAA)

Intel® Transactional Synchronization Extensions (Intel® TSX)...
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/intel-tsx-asynchronous-abort.html

(8) CVE-2019-1125 Spectre SWAPGS gadget vulnerability

Speculative Behavior of SWAPGS and Segment Registers
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/speculative-behavior-swapgs-and-segment-registers.html

(9) CVE-2019-0162 Spoiler

Spoiler (security vulnerability) - Wikipedia
https://en.wikipedia.org/wiki/Spoiler_(security_vulnerability)

More Information on Spoiler
https://www.intel.com/content/www/us/en/developer/articles/news/more-information-spoiler.html

Reading the Paper on SPOILER, a New CPU Vulnerability - FPGA開発日記
https://msyksphinz.hatenablog.com/entry/2019/03/11/040000

(10) CVE-2018-3665 Spectre-NG: Lazy FPU Save/Restore

INTEL-SA-00145
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

Lazy FPU Save/Restore (CVE-2018-3665) - Red Hat Customer Portal
https://access.redhat.com/ja/solutions/3489521

NetBSD 8.0 Provides Mitigations for Spectre V2/V4, Meltdown, Lazy FPU, and More
https://www.infoq.com/jp/news/2018/07/netbsd-8-released/

まさみさん⋈語りたい on Twitter:
"On Linux 3.7 and later this can be avoided with the eagerfpu=on boot parameter,
and from 4.6 onward eagerfpu is enabled by default.
Apparently lazyfpu had almost no benefit in terms of performance.
https://t.co/6BqBFDPYrt
The commit: https://t.co/amgTkvEo9d"
/ Twitter https://twitter.com/mhiramat/status/1007528520208211970

Cyberus Technology - Intel LazyFP vulnerability: Exploiting lazy FPU state switching
https://web.archive.org/web/20230930185339/https://www.cyberus-technology.de/posts/intel-lazyfp-vulnerability/

x86/fpu: Hard-disable lazy FPU mode · torvalds/linux@ca6938a
https://github.com/torvalds/linux/commit/ca6938a1cd8a1c5e861a99b67f84ac166fc2b9e7#diff-6a01d6e7c8d7d23cfa48026e616275e8

うー@技術書典8Day1う31 on Twitter:
"When I disassemble it and take a look, I get the feeling of
'I never knew there were mov instructions that use AVX registers.'"
/ Twitter https://twitter.com/uchan_nos/status/1158192868080513024

とみながたけひろ on Twitter:
"@uchan_nos Because of this, these days things like FPU lazy context switch
are no benefit at all, or rather they can even end up slower."
/ Twitter https://twitter.com/takehiro_t/status/1158335098564956160

(11) CVE-2020-0549 RIDL/CacheOut/ZombieLoad: L1D Eviction Sampling (L1DES)

CacheOut
https://cacheoutattack.com/

L1D Eviction Sampling / CVE-2020-0549 / INTEL-SA-00329
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/l1d-eviction-sampling.html

Processors Affected: L1D Eviction Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-l1d-eviction-sampling.html

(12) CVE-2020-0548 RIDL: Vector Register Sampling (VRS)

Vector Register Sampling / CVE-2020-0548 , CVE 2020-8696 /...
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/vector-register-sampling.html

Processors Affected: Vector Register Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-vector-register-sampling.html

(13) CVE-2020-0551 Load Value Injection (LVI)

LVI: Hijacking Transient Execution with Load Value Injection
https://lviattack.eu/

An Optimized Mitigation Approach for Load Value Injection
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/optimized-mitigation-approach-load-value-injection.html

Load Value Injection
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/load-value-injection.html

Processors Affected: Load Value Injection
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-load-value-injection.html

(14) CVE-2020-0550 Snoop-assisted L1 Data Sampling

Snoop-assisted L1 Data Sampling / CVE-2020-0550 / INTEL-SA-00330
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/snoop-assisted-l1-data-sampling.html

Snoop-Assisted L1 Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/snoop-assisted-l1-data-sampling.html

Processors Affected: Snoop-assisted L1 Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-snoop-assisted-l1d-sampling.html

(15) CVE-2020-0543 CROSSTalk: Special Register Buffer Data Sampling (SRBDS)

Special Register Buffer Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/special-register-buffer-data-sampling.html

SRBDS Mitigation Impact on Intel® Secure Key
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/srbds-mitigation-impact-intel-secure-key.html

Processors Affected: Special Register Buffer Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-srbds.html

(16) CVE-2020-8694/CVE-2020-8695 PLATYPUS: With Great Power comes Great Leakage

PLATYPUS: With Great Power comes Great Leakage
https://platypusattack.com/

Running Average Power Limit Energy Reporting CVE-2020-8694,...
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/running-average-power-limit-energy-reporting.html

INTEL-SA-00389
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

(17) CVE-2022-24436 Hertzbleed Attack: Frequency Throttling Side Channel Guidance

Hertzbleed Attack
https://www.hertzbleed.com/

Frequency Throttling Side Channel Guidance
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/frequency-throttling-side-channel-guidance.html

INTEL-SA-00698
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html

Software Guidance on Frequency Side-Channel Attacks in Cryptographic Implementations
https://www.isus.jp/wp-content/uploads/pdf/887_frequency-throttling-side-channel-guidance.pdf

(18) CVE-2022-0001/CVE-2022-0002 BHI: Branch History Injection and Intra-mode Branch Target Injection

Branch History Injection and Intra-mode Branch Target Injection
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/branch-history-injection.html

Branch History Injection and Intra-mode Branch Target Injection
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html

INTEL-SA-00598
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html

Branch History Injection ~Shin: Everything Becomes N~ - エンタングルメントosugi3yのブログ
https://osugi3y.hatenablog.com/entry/2022/03/13/121244

(19) CVE-2022-29901 Retbleed: Return Stack Buffer Underflow

Retbleed - Wikipedia
https://en.wikipedia.org/wiki/Retbleed

Retbleed: Arbitrary Speculative Code Execution with Return Instructions - Computer Security Group
https://comsec.ethz.ch/research/microarch/retbleed/

Return Stack Buffer Underflow / CVE-2022-29901, CVE-2022-28693 /...
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.html

INTEL-SA-00702
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html

(20) CVE-2022-40982 Downfall: Gather Data Sampling

Downfall (security vulnerability) - Wikipedia
https://en.wikipedia.org/wiki/Downfall_(security_vulnerability)

Downfall
https://downfall.page/

Gather Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/gather-data-sampling.html

INTEL-SA-00828
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html

[Repost] [Overseas Article] Gather Data Sampling | ささだんご🎋🍡
https://note.com/sasadango_0503/n/n60651542019b

(21) CVE-2023-28746 Register File Data Sampling (RFDS)

Register File Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html

INTEL-SA-00898
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html

References

Transient execution CPU vulnerability - Wikipedia
https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability
