Software Security Guidance

This information is designed for developers and systems experts looking to understand potential vulnerabilities and assess risk, with resources and recommendations for building more secure solutions.

 

Disclosure Documentation

In-depth descriptions for security issues that impact CPU microarchitectures and for which Intel has assigned a Common Vulnerabilities and Exposure (CVE) score, disclosed in the Security Advisories and the Advisory Guidance pages.

Find technical details on the tools and techniques used to mitigate those vulnerabilities on affected systems.

24 Results
|
There may be additional results restricted from public access; sign in or register to ensure you are seeing all content available to you.
Title
ID
Date
Version
ID:
Date:
Version:1.0
File: URL Content Type: Technical Articles
In some situations, it may be possible to infer stale data using the speculative execution side channel vulnerability Gather Data Sampling (GDS). Intel is providing a microcode update to mitigate GDS.
ID:
Date:
Version:1.0
File: URL Content Type: Technical Articles
Intel researchers have discovered potential issues with the Sub-page Permission (SPP) feature. Although these issues pose no security risk, Intel recommends discontinuing SPP support in all cases.
ID:
Date:
Version:1.1
File: URL Content Type: Technical Articles
On certain processors, malicious firmware might compromise the protections of Intel SGX or Intel TDX environments. Microcode and BIOS updates, as well as a reboot, are needed to mitigate this issue.
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Technical deep dive and mitigation instructions for the cross-domain transient execution attack Load Value Injection (LVI)
ID:
Date:
Version:1.0
File: URL Content Type: Technical Articles
System software for some Intel® Xeon Scalable Processors has been updated to prevent unprivileged users from directly accessing the Intel® DSA and Intel IAA accelerators.
ID:
Date:
Version:1.0
File: URL Content Type: Technical Articles
Technical description of Branch History Injection and Intra-mode Branch Target Injection, which are variants of Branch Target Injection (Spectre variant 2), a cross-domain transient execution attack.
ID:
Date:
Version:1.0
File: URL Content Type: Technical Articles
In some situations, a mitigated vulnerability known as Register File Data Sampling (RFDS) may allow an attacker to infer data previously used in floating point, vector, or integer registers.
ID:
Date:
Version:2.0
File: URL Content Type: Technical Articles
Technical deep dive on using the retpoline software construct to help mitigate branch target injection (Spectre v2) cross-domain transient execution attacks
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Disclosure, description, enumeration, and mitigation recommendations for a class of processor MMIO vulnerabilities that can expose data.
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Technical deep dive and mitigation instructions for the domain bypass transient execution attack Special Register Buffer Data Sampling (SRBDS / Crosstalk)
ID:
Date:
Version:2.0
File: URL Content Type: Technical Articles
Introduction to transient execution side channel mitigation methods
ID:
Date:
Version:3.0
File: URL Content Type: Technical Articles
Introduction and analysis of speculative/transient execution side channel methods
ID:
Date:
Version:3.0
File: URL Content Type: Technical Articles
Technical and mitigations for the transient execution attacks classified as Microarchitectural Data Sampling (Zombieload/Fallout/RIDL)
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Technical documentation and mitigation instructions for the domain bypass transient execution attack Snoop-assisted L1 Data Sampling
ID:
Date:
Version:2.0
File: URL Content Type: Error and Diagnostic Messages
Technical documentation on how to avoid system hangs and crashes caused by machine check error code 0150H upon memory page size changes in certain processors.
ID:
Date:
Version:2.0
File: URL Content Type: Error and Diagnostic Messages
Technical on how to avoid system hangs and crashes caused by machine check error code 0150H upon memory page size changes in certain processors
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Technical deep dive and mitigation instructions for transient execution attacks on Intel® Transactional Synchronization Extensions (Intel® TSX) caused by memory transactions which asynchronously abort
ID:
Date:
Version:Original
File: URL Content Type: Technical Articles
Technical description of the speculative behavior of the SWAPGS instruction and memory segment registers
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Technical deep dive to help firmware developers and firmware consumers understand and mitigate transient execution attacks in ring 0 firmware runtimes
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Technical deep dive and mitigation instructions for the domain bypass transient execution attacks classified as L1 Terminal Fault (L1TF/Foreshadow)
ID:
Date:
Version:2.0
File: URL Content Type: Technical Articles
Technical deep dive on how to analyze and mitigate potential bounds check bypass vulnerabilities found using static analysis and manual code inspection
ID:
Date:
Version:2.0
File: URL Content Type: Technical Articles
Technical deep dive to help developers understand and mitigate certain transient execution attacks in Linux* environments
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Technical deep dive to help developers understand and mitigate transient execution attacks in managed runtimes (JavaScript*, Java*, and C#) and their JIT/AOT compiler frameworks
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Intel's overview of speculative execution side channel methods (transient execution attacks) such as Spectre v1 (bounds check bypass) and Meltdown (rogue data cache load)

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.

2

Features and benefits in Intel® technologies depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at Intel.com.

3

Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors.

Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit www.intel.com/benchmarks.

Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available updates.

The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.

Intel provides these materials as-is, with no express or implied warranties.