Transient execution CPU vulnerability
Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The classic example is Spectre that gave its name to this kind of side-channel attack, but since January 2018 many different vulnerabilities have been identified.
Overview
Modern computers are highly parallel devices, composed of components with very different performance characteristics. If an operation cannot yet be performed because some earlier slow operation has not yet completed, a microprocessor may attempt to predict the result of the earlier operation and execute the later operation speculatively, acting as if the prediction was correct. The prediction may be based on recent behavior of the system. When the earlier, slower operation completes, the microprocessor determines whether prediction was correct or incorrect. If it was correct then execution proceeds uninterrupted; if it was incorrect then the microprocessor rolls back the speculatively executed operations and repeats the original instruction with the real result of the slow operation. Specifically, a transient instruction refers to an instruction processed by error by the processor which can affect the micro-architectural state of the processor, leaving the architectural state without any trace of its execution.In terms of the directly visible behavior of the computer it is as if the speculatively executed code "never happened". However, this speculative execution may affect the state of certain components of the microprocessor, such as the cache, and this effect may be discovered by careful monitoring of the timing of subsequent operations.
If an attacker can arrange that the speculatively executed code operates on secret data that they are unauthorized to access, and has a different effect on the cache for different values of the secret data, they may be able to discover the value of the secret data.
Starting in 2017, multiple examples of such vulnerabilities were identified, with publication starting in early 2018.
Vulnerabilities & Mitigations Summary
| Mitigation Type | Comprehensiveness | Effectiveness | Performance Impact |
| Hardware | Full | Full | None…Small |
| Firmware Microcode Update | Partial | Partial…Full | None…Large |
| OS/VMM | Partial | Partial…Full | Small…Large |
| Software Recompilation | Poor | Partial…Full | Medium…Large |
Hardware mitigations require change to the CPU design and thus a new iteration of hardware, but impose close to zero performance loss. Microcode updates alter the software that the CPU runs on, requiring patches to be released and integrated into every operating system and for each CPU. OS/VMM mitigations are applied at the operating system or virtual machine level and often incur quite a significant performance loss. Software recompilation requires recompiling every piece of software and usually incur a severe performance hit.
The 8th generation Coffee Lake architecture in this table also applies to a wide range of previously released Intel CPUs, not limited to the architectures based on Intel Core, Pentium 4 and Intel Atom starting with Silvermont.. Various CPU microarchitectures not included above are also affected, among them are IBM Power, ARM, MIPS and others..