Transient execution CPU vulnerability#Vulnerabilities and mitigations summary

Modern computers are highly parallel devices, composed of components with very different performance characteristics. If an operation (such as a branch) cannot yet be performed because some earlier slow operation (such as a memory read) has not yet completed, a microprocessor may attempt to predict the result of the earlier operation and execute the later operation speculatively, acting as if the prediction were correct. The prediction may be based on recent behavior of the system. When the earlier, slower operation completes, the microprocessor determines whether the prediction was correct or incorrect. If it was correct then execution proceeds uninterrupted; if it was incorrect then the microprocessor rolls back the speculatively executed operations and repeats the original instruction with the real result of the slow operation. Specifically, a transient instruction{{cite web|url=https://spectreattack.com/spectre.pdf |title=Spectre Attacks: Exploiting Speculative Execution |access-date=2020-04-16 |last1=Kocher |first1=Paul |last2=Horn |first2=Jann |last3=Fogh |first3=Anders |last4=Genkin |first4=Daniel |last5=Gruss |first5=Daniel}} refers to an instruction processed by error by the processor (incriminating the branch predictor in the case of Spectre) which can affect the micro-architectural state of the processor, leaving the architectural state without any trace of its execution.

In terms of the directly visible behavior of the computer it is as if the speculatively executed code "never happened". However, this speculative execution may affect the state of certain components of the microprocessor, such as the cache, and this effect may be discovered by careful monitoring of the timing of subsequent operations.

If an attacker can arrange that the speculatively executed code (which may be directly written by the attacker, or may be a suitable gadget that they have found in the targeted system) operates on secret data that they are unauthorized to access, and has a different effect on the cache for different values of the secret data, they may be able to discover the value of the secret data.

In early January 2018, it was reported that all Intel processors made since 1995{{cite news|url=http://www.abc.net.au/news/science/2018-01-04/intel-chip-flaw-a-security-threat/9303280|title=Processor vulnerabilities could leave most computers open to hackers|first=Ariel|last=Bogle|newspaper=ABC News|date=January 4, 2018|access-date=January 4, 2018|archive-date=January 5, 2018|archive-url=https://web.archive.org/web/20180105012827/http://www.abc.net.au/news/science/2018-01-04/intel-chip-flaw-a-security-threat/9303280|url-status=live}}{{cite news|url=https://www.telegraph.co.uk/technology/2018/01/03/fix-critical-intel-chip-flaw-will-slow-millions-computers/ |archive-url=https://ghostarchive.org/archive/20220110/https://www.telegraph.co.uk/technology/2018/01/03/fix-critical-intel-chip-flaw-will-slow-millions-computers/ |archive-date=January 10, 2022 |url-status=live|url-access=subscription |title=Fix for critical Intel chip flaw will slow down millions of computers|website=The Telegraph|first=Margi|last=Murphy|date=January 3, 2018|publisher=Telegraph Media Group|access-date=January 3, 2017}}{{cbignore}} (besides Intel Itanium and pre-2013 Intel Atom) have been subject to two security flaws dubbed Meltdown and Spectre.{{cite web|url=https://techcrunch.com/2018/01/03/kernel-panic-what-are-meltdown-and-spectre-the-bugs-affecting-nearly-every-computer-and-device/|title=Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?|first=Devin|last=Coldewey|date=January 4, 2018|access-date=January 4, 2018|archive-date=January 4, 2018|archive-url=https://web.archive.org/web/20180104022457/https://techcrunch.com/2018/01/03/kernel-panic-what-are-meltdown-and-spectre-the-bugs-affecting-nearly-every-computer-and-device/|url-status=live}}{{cite journal|url=https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/|title=A Critical Intel Flaw Breaks Basic Security for Most Computers|journal=Wired|access-date=January 4, 2018|last1=Greenberg|first1=Andy|archive-date=January 3, 2018|archive-url=https://web.archive.org/web/20180103204011/https://www.wired.com/story/critical-intel-flaw-breaks-basic-security-for-most-computers/|url-status=live}}

The impact on performance resulting from software patches is "workload-dependent". Several procedures to help protect home computers and related devices from the Spectre and Meltdown security vulnerabilities have been published.{{cite news |author-last1=Metz |author-first1=Cade |author-last2=Chen |author-first2=Brian X. |title=What You Need to Do Because of Flaws in Computer Chips|url=https://www.nytimes.com/2018/01/04/technology/meltdown-spectre-questions.html |archive-url=https://ghostarchive.org/archive/20220103/https://www.nytimes.com/2018/01/04/technology/meltdown-spectre-questions.html |archive-date=2022-01-03 |url-access=subscription |url-status=live |date=January 4, 2018 |work=The New York Times |df=mdy-all |access-date=2018-01-05}}{{cbignore}}{{cite web |author-last=Pressman |author-first=Aaron |title=Why Your Web Browser May Be Most Vulnerable to Spectre and What to Do About It |url=http://fortune.com/2018/01/05/spectre-safari-chrome-firefox-internet-explorer/ |date=January 5, 2018 |work=Fortune |df=mdy-all |access-date=2018-01-05 |archive-date=January 10, 2018 |archive-url=https://web.archive.org/web/20180110161156/http://fortune.com/2018/01/05/spectre-safari-chrome-firefox-internet-explorer/ |url-status=live }}{{cite web |author-last=Chacos |author-first=Brad |title=How to protect your PC from the major Meltdown and Spectre CPU flaws |url=https://www.pcworld.com/article/3245810/security/how-to-protect-your-pc-meltdown-spectre-cpu-flaws.html |date=January 4, 2018 |work=PC World |access-date=2018-01-04 |url-status=live |archive-url=https://web.archive.org/web/20180104231745/https://www.pcworld.com/article/3245810/security/how-to-protect-your-pc-meltdown-spectre-cpu-flaws.html |df=mdy-all |archive-date=2018-01-04}}{{cite web |author-last=Elliot |author-first=Matt |title=Security – How to protect your PC against the Intel chip flaw – Here are the steps to take to keep your Windows laptop or PC safe from Meltdown and Spectre. |url=https://www.cnet.com/how-to/how-to-protect-your-pc-against-the-intel-chip-flaw/ |date=January 4, 2018 |work=CNET |access-date=2018-01-04 |url-status=live |archive-url=https://web.archive.org/web/20180104225045/https://www.cnet.com/how-to/how-to-protect-your-pc-against-the-intel-chip-flaw/ |df=mdy-all |archive-date=2018-01-04}} Spectre patches have been reported to significantly slow down performance, especially on older computers; on the newer 8th-generation Core platforms, benchmark performance drops of 2–14% have been measured.{{cite web |author-last=Hachman |author-first=Mark |title=Microsoft tests show Spectre patches drag down performance on older PCs |url=https://www.pcworld.com/article/3245742/components-processors/microsoft-tests-show-spectre-patches-drag-down-performance-on-older-pcs.html |date=January 9, 2018 |work=PC World |df=mdy-all |access-date=2018-01-09 |archive-date=February 9, 2018 |archive-url=https://web.archive.org/web/20180209120423/https://www.pcworld.com/article/3245742/components-processors/microsoft-tests-show-spectre-patches-drag-down-performance-on-older-pcs.html |url-status=live }} Meltdown patches may also produce performance loss.{{cite news |url=https://www.nytimes.com/2018/01/03/business/computer-flaws.html |title=Researchers Discover Two Major Flaws in the World's Computers |author-last1=Metz |author-first1=Cade |date=January 3, 2018 |work=The New York Times |access-date=2018-01-03 |author-last2=Perlroth |author-first2=Nicole |issn=0362-4331 |url-status=live |archive-url=https://web.archive.org/web/20180103224048/https://www.nytimes.com/2018/01/03/business/computer-flaws.html |df=mdy-all |archive-date=2018-01-03}}{{cite web |url=https://www.bbc.com/news/technology-42562303 |title=Computer chip scare: What you need to know |date=January 4, 2018 |work=BBC News |df=mdy-all |access-date=2018-01-04 |archive-date=October 11, 2020 |archive-url=https://web.archive.org/web/20201011235525/https://www.bbc.com/news/technology-42562303 |url-status=live }}{{Cite news |url=https://www.theverge.com/2018/1/3/16846540/intel-processor-security-flaw-bug-response |title=Intel says processor bug isn't unique to its chips and performance issues are 'workload-dependent' |work=The Verge |df=mdy-all |access-date=2018-01-04 |archive-date=January 3, 2018 |archive-url=https://web.archive.org/web/20180103223052/https://www.theverge.com/2018/1/3/16846540/intel-processor-security-flaw-bug-response |url-status=live }} It is believed that "hundreds of millions" of systems could be affected by these flaws.{{cite web|url=https://meltdownattack.com/#faq-systems-spectre|title=Meltdown and Spectre|website=meltdownattack.com|access-date=January 4, 2018|archive-date=January 3, 2018|archive-url=https://web.archive.org/web/20180103235911/https://meltdownattack.com/#faq-systems-spectre|url-status=live}}

More security flaws were disclosed on May 3, 2018,{{cite web|last1=Tung|first1=Liam|title=Are 8 new 'Spectre-class' flaws about to be exposed? Intel confirms it's readying fixes|url=https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed/|access-date=May 4, 2018|website=ZDNet|language=en|archive-date=May 22, 2018|archive-url=https://web.archive.org/web/20180522152328/https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed/|url-status=live}} on August 14, 2018, on January 18, 2019, and on March 5, 2020.

At the time, Intel was not commenting on this issue.{{cite web |last=Gibbs |first=Samuel |date=January 3, 2018 |title=Major security flaw found in Intel processors |url=https://www.theguardian.com/technology/2018/jan/03/major-security-flaw-found-intel-processors-computers-windows-mac-os-linux |url-status=live |archive-url=https://web.archive.org/web/20180104235656/https://www.theguardian.com/technology/2018/jan/03/major-security-flaw-found-intel-processors-computers-windows-mac-os-linux |archive-date=January 4, 2018 |access-date=January 5, 2018 |website=Theguardian.com |via=www.TheGuardian.com}}{{cite web |date=January 4, 2018 |title=How to protect your PC against the major 'Meltdown' CPU security flaw |url=https://www.theverge.com/2018/1/4/16848976/how-to-protect-windows-pc-meltdown-security-flaw |url-status=live |archive-url=https://web.archive.org/web/20180105002157/https://www.theverge.com/2018/1/4/16848976/how-to-protect-windows-pc-meltdown-security-flaw |archive-date=January 5, 2018 |access-date=January 5, 2018 |website=TheVerge.com}}

On March 15, 2018, Intel reported that it will redesign its CPUs (performance losses to be determined) to protect against the Spectre security vulnerability, and expects to release the newly redesigned processors later in 2018.{{cite news |last=Warren |first=Tom |title=Intel processors are being redesigned to protect against Spectre – New hardware coming later this year |url=https://www.theverge.com/2018/3/15/17123610/intel-new-processors-protection-spectre-vulnerability |date=March 15, 2018 |work=The Verge |access-date=March 15, 2018 |archive-date=March 15, 2018 |archive-url=https://web.archive.org/web/20180315143212/https://www.theverge.com/2018/3/15/17123610/intel-new-processors-protection-spectre-vulnerability |url-status=live }}{{cite news |last=Shankland |first=Stephen |title=Intel will block Spectre attacks with new chips this year – Cascade Lake processors for servers, coming this year, will fight back against a new class of vulnerabilities, says CEO Brian Krzanich. |url=https://www.cnet.com/news/intel-blocks-spectre-attacks-with-new-server-chips-this-year/ |date=March 15, 2018 |work=CNET |access-date=March 15, 2018 |archive-date=March 15, 2018 |archive-url=https://web.archive.org/web/20180315164257/https://www.cnet.com/news/intel-blocks-spectre-attacks-with-new-server-chips-this-year/ |url-status=live }}

On May 3, 2018, eight additional Spectre-class flaws were reported. Intel reported that they are preparing new patches to mitigate these flaws.{{cite web|last1=Tung|first1=Liam|title=Are 8 new 'Spectre-class' flaws about to be exposed? Intel confirms it's readying fixes|url=https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed/|website=ZDNet|access-date=May 4, 2018|language=en|archive-date=May 22, 2018|archive-url=https://web.archive.org/web/20180522152328/https://www.zdnet.com/article/are-8-new-spectre-class-flaws-about-to-be-exposed/|url-status=live}}

On August 14, 2018, Intel disclosed three additional chip flaws referred to as L1 Terminal Fault (L1TF). They reported that previously released microcode updates, along with new, pre-release microcode updates can be used to mitigate these flaws.{{cite news |title=Intel discloses three more chip flaws |url=https://www.reuters.com/article/us-cyber-intel/intel-discloses-three-more-chip-flaws-idUSKBN1KZ280 |work=Reuters |access-date=August 16, 2018 |archive-date=August 16, 2018 |archive-url=https://web.archive.org/web/20180816194524/https://www.reuters.com/article/us-cyber-intel/intel-discloses-three-more-chip-flaws-idUSKBN1KZ280 |url-status=live }}{{cite web |last1=Culbertson |first1=Leslie |title=Protecting Our Customers through the Lifecycle of Security Threats |url=https://newsroom.intel.com/editorials/protecting-our-customers-through-lifecycle-security-threats/ |website=Intel Newsroom |access-date=August 16, 2018 |archive-date=August 14, 2018 |archive-url=https://web.archive.org/web/20180814171651/https://newsroom.intel.com/editorials/protecting-our-customers-through-lifecycle-security-threats/ |url-status=live }}

On January 18, 2019, Intel disclosed three new vulnerabilities affecting all Intel CPUs, named "Fallout", "RIDL", and "ZombieLoad", allowing a program to read information recently written, read data in the line-fill buffers and load ports, and leak information from other processes and virtual machines.{{cite web|url=https://mdsattacks.com/files/fallout.pdf|title=Fallout: Reading Kernel Writes From User Space|website=RIDL and Fallout: MDS Attacks|archive-url=https://web.archive.org/web/20190516190421/https://mdsattacks.com/files/fallout.pdf|archive-date=2019-05-16 |df=mdy-all|access-date=2019-05-18}}{{cite web|url=https://mdsattacks.com/files/ridl.pdf|title=RIDL: Rogue In-Flight Data Load|website=RIDL and Fallout: MDS attacks|archive-url=https://web.archive.org/web/20190517035356/https://mdsattacks.com/files/ridl.pdf |df=mdy-all|archive-date=2019-05-17}}{{cite web|url=https://zombieloadattack.com/|title=ZombieLoad Attack|website=zombieloadattack.com|df=mdy-all|access-date=2019-05-18|archive-date=May 14, 2019|archive-url=https://web.archive.org/web/20190514182730/https://zombieloadattack.com/|url-status=live}} Coffee Lake-series CPUs are even more vulnerable, due to hardware mitigations for Spectre.{{Citation needed|date=June 2019}}{{Cite web |title=Intel Released "Coffee Lake" Knowing it Was Vulnerable to Spectre and Meltdown |url=https://www.techpowerup.com/240283/intel-released-coffee-lake-knowing-it-was-vulnerable-to-spectre-and-meltdown?cp=2 |website=TECHPOWERUP| date=5 January 2018 }}

On March 5, 2020, computer security experts reported another Intel chip security flaw, besides the Meltdown and Spectre flaws, with the systematic name {{CVE|2019-0090}} (or "Intel CSME Bug").{{cite news |last=Cimpanu |first=Catalin |title=Intel CSME bug is worse than previously thought – Researchers say a full patch requires replacing hardware. Only the latest Intel 10th generation CPUs are not affected. |url=https://www.zdnet.com/article/intel-csme-bug-is-worse-than-previously-thought/ |date=March 5, 2020 |work=ZDNet |access-date=March 8, 2020 |archive-date=March 5, 2020 |archive-url=https://web.archive.org/web/20200305151035/https://www.zdnet.com/article/intel-csme-bug-is-worse-than-previously-thought/ |url-status=live }} This newly found flaw is not fixable with a firmware update, and affects nearly "all Intel chips released in the past five years".{{cite news |last=Goodin |first=Dan |title=5 years of Intel CPUs and chipsets have a concerning flaw that's unfixable – Converged Security and Management Engine flaw may jeopardize Intel's root of trust. |url=https://arstechnica.com/information-technology/2020/03/5-years-of-intel-cpus-and-chipsets-have-a-concerning-flaw-thats-unfixable/ |date=March 5, 2020 |work=Ars Technica |access-date=March 6, 2020 |archive-date=March 6, 2020 |archive-url=https://web.archive.org/web/20200306020753/https://arstechnica.com/information-technology/2020/03/5-years-of-intel-cpus-and-chipsets-have-a-concerning-flaw-thats-unfixable/ |url-status=live }}{{cite news |last=Dent |first=Steve |title=Researchers discover that Intel chips have an unfixable security flaw – The chips are vulnerable during boot-up, so they can't be patched with a firmware update. |url=https://www.engadget.com/2020/03/06/intel-chips-unpatchable-security-flaw/ |date=March 6, 2020 |work=Engadget |access-date=March 6, 2020 |archive-date=March 6, 2020 |archive-url=https://web.archive.org/web/20200306194109/https://www.engadget.com/2020/03/06/intel-chips-unpatchable-security-flaw/ |url-status=live }}{{cite news |author=Staff |title=Intel Converged Security and Management Engine, Intel Server Platform Services, Intel Trusted Execution Engine, and Intel Active Management Technology Advisory (Intel-SA-00213) |url=https://www.intel.com/content/www/us/en/support/articles/000033416/technologies.html |date=February 11, 2020 |work=Intel |access-date=March 6, 2020 |archive-date=March 5, 2020 |archive-url=https://web.archive.org/web/20200305163717/https://www.intel.com/content/www/us/en/support/articles/000033416/technologies.html |url-status=live }}

In March 2021 AMD security researchers discovered that the Predictive Store Forwarding algorithm in Zen 3 CPUs could be used by malicious applications to access data it shouldn't be accessing.{{Cite web|last=Cutress|first=Ian|title=AMD Issues Updated Speculative Spectre Security Status: Predictive Store Forwarding|url=https://www.anandtech.com/show/16604/amd-issues-updated-speculative-spectre-security-status-predictive-store-forwarding|access-date=2021-04-08|website=www.anandtech.com}} According to Phoronix there's little performance impact in disabling the feature.{{Cite web|title=Benchmarking AMD Zen 3 With Predictive Store Forwarding Disabled - Phoronix|url=https://www.phoronix.com/scan.php?page=article&item=amd-zen3-psf&num=1|access-date=2021-04-08|website=www.phoronix.com}}

In June 2021, two new vulnerabilities, Speculative Code Store Bypass (SCSB, [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0086 CVE-2021-0086]) and Floating Point Value Injection (FPVI, [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0089 CVE-2021-0089]), affecting all modern x86-64 CPUs both from Intel and AMD were discovered.{{Cite web|title=Rage Against the Machine Clear|url=https://www.vusec.net/projects/fpvi-scsb/|access-date=2021-06-29|website=VUSec|date=8 June 2021 |language=en-US}} In order to mitigate them software has to be rewritten and recompiled. ARM CPUs are not affected by SCSB but some certain ARM architectures are affected by FPVI.{{Cite web|title=Speculative Processor Vulnerability {{!}} Frequently asked questions|url=https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions|access-date=2021-06-29|website=Arm Developer|language=en}}

Also in June 2021, MIT researchers revealed the PACMAN attack on Pointer Authentication Codes (PAC) in ARM v8.3A.{{Cite web |last=Yan |first=Joseph Ravichandran, Weon Taek Na, Jay Lang, Mengjia |date=2022-06-09 |title=The PACMAN Attack |url=https://pacmanattack.com |access-date=2024-11-16 |website=PACMAN |language=en}}{{Cite web |title=Documentation – Arm Developer |url=https://developer.arm.com/documentation/ka005109/latest/ |access-date=2024-11-16 |website=developer.arm.com}}{{Cite web |last=Page |first=Carly |date=2022-06-10 |title=MIT researchers uncover 'unpatchable' flaw in Apple M1 chips |url=https://techcrunch.com/2022/06/10/apple-m1-unpatchable-flaw/ |access-date=2024-11-16 |website=TechCrunch |language=en-US}}

In August 2021 a vulnerability called "Transient Execution of Non-canonical Accesses" affecting certain AMD CPUs was disclosed.{{Cite web|title=Transient Execution of Non-canonical Accesses|url=https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1010}}{{Cite arXiv|eprint=2108.10771|last1=Musaev|first1=Saidgani|last2=Fetzer|first2=Christof|title=Transient Execution of Non-Canonical Accesses|year=2021|class=cs.CR }}{{Cite web|last=Francisco|first=Thomas Claburn in San|title=Boffins find if you torture AMD Zen+, Zen 2 CPUs enough, they are vulnerable to Meltdown-like attack|url=https://www.theregister.com/2021/08/30/amd_meltdown_zen/|access-date=2021-09-05|website=www.theregister.com|language=en}} It requires the same mitigations as the MDS vulnerability affecting certain Intel CPUs.{{Cite web | url=https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/software-techniques-for-managing-speculation.pdf | title=White Paper {{!}} Software techniques for managing speculation on AMD processors | website=www.amd.com | access-date=2024-07-28}} It was assigned [https://nvd.nist.gov/vuln/detail/CVE-2020-12965 CVE-2020-12965]. Since most x86 software is already patched against MDS and this vulnerability has the exact same mitigations, software vendors don't have to address this vulnerability.

In October 2021 for the first time ever a vulnerability similar to Meltdown was disclosed{{Cite journal|last1=Lipp|first1=Moritz|last2=Gruss|first2=Daniel|last3=Schwarz|first3=Michael|date=2021-10-19|title=AMD Prefetch Attacks through Power and Time|url=https://publications.cispa.saarland/3507/|journal=USENIX Security Symposium|language=en}}{{Cite web|title=AMD Prefetch Attacks through Power and Time|url=https://publications.cispa.saarland/3507/1/amd_prefetch_sec22.pdf}} to be affecting all AMD CPUs however the company doesn't think any new mitigations have to be applied and the existing ones are already sufficient.{{Cite web|title=Side-channels Related to the x86 PREFETCH Instruction|url=https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017}}

In March 2022, a new variant of the Spectre vulnerability called Branch History Injection was disclosed.{{Cite web |title=Branch History Injection |url=https://www.vusec.net/projects/bhi-spectre-bhb/ |access-date=2022-03-08 |website=VUSec |language=en-US}}{{Cite web |title=BHI: The Newest Spectre Vulnerability Affecting Intel & Arm CPUs |url=https://www.phoronix.com/scan.php?page=news_item&px=BHI-Spectre-Vulnerability |access-date=2022-03-08 |website=www.phoronix.com |language=en}} It affects certain ARM64 CPUs{{Cite web |last=Ltd |first=Arm |title=Speculative Processor Vulnerability {{!}} Spectre-BHB |url=https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb |access-date=2022-03-11 |website=Arm Developer |language=en}} and the following Intel CPU families: Cascade Lake, Ice Lake, Tiger Lake and Alder Lake. According to Linux kernel developers AMD CPUs are also affected.{{Cite web |title=Linux Lands Mitigations For Spectre-BHB / BHI On Intel & Arm, Plus An AMD Change Too |url=https://www.phoronix.com/scan.php?page=news_item&px=Spectre-BHI-Linux-Mitigations |access-date=2022-03-08 |website=www.phoronix.com |language=en}}

In March 2022, a vulnerability affecting a wide range of AMD CPUs was disclosed under [https://nvd.nist.gov/vuln/detail/CVE-2021-26341 CVE-2021-26341].{{Cite web |title=grsecurity - The AMD Branch (Mis)predictor Part 2: Where No CPU has Gone Before (CVE-2021-26341) |url=https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before |access-date=2022-03-11 |website=grsecurity.net}}{{Cite web |title=AMD CPUs May Transiently Execute Beyond Unconditional Direct Branch |url=https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026}}

In June 2022, multiple MMIO Intel CPUs vulnerabilities related to execution in virtual environments were announced.{{Cite web |title=oss-security - Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities |url=https://www.openwall.com/lists/oss-security/2022/06/16/1 |access-date=2022-06-19 |website=www.openwall.com}} The following CVEs were designated: [https://nvd.nist.gov/vuln/detail/CVE-2022-21123 CVE-2022-21123], [https://nvd.nist.gov/vuln/detail/CVE-2022-21125 CVE-2022-21125], [https://nvd.nist.gov/vuln/detail/CVE-2022-21166 CVE-2022-21166].

In July 2022, the Retbleed vulnerability was disclosed affecting Intel Core 6 to 8th generation CPUs and AMD Zen 1, 1+ and 2 generation CPUs. Newer Intel microarchitectures as well as AMD starting with Zen 3 are not affected. The mitigations for the vulnerability decrease the performance of the affected Intel CPUs by up to 39%, while AMD CPUs lose up to 14%.

In August 2022, the SQUIP vulnerability was disclosed affecting Ryzen 2000–5000 series CPUs.{{Cite web |title=AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler |url=https://www.phoronix.com/news/AMD-Side-Channel-SQUIP |access-date=2022-08-10 |website=www.phoronix.com |language=en}} According to AMD the existing mitigations are enough to protect from it.{{Cite web |title=Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors |url=https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039 }}

According to a Phoronix review released in October, 2022 Zen 4/Ryzen 7000 CPUs are not slowed down by mitigations, in fact disabling them leads to a performance loss.{{Cite web |title=With AMD Zen 4, It's Surprisingly Not Worthwhile Disabling CPU Security Mitigations |url=https://www.phoronix.com/news/AMD-Zen-4-Mitigations-Off |access-date=2022-10-07 |website=www.phoronix.com |language=en}}{{Cite web |title=Disabling Spectre V2 Mitigations Is What Can Impair AMD Ryzen 7000 Series Performance |url=https://www.phoronix.com/review/amd-zen4-spectrev2 |access-date=2022-10-07 |website=www.phoronix.com |language=en}}

In February 2023 a vulnerability affecting a wide range of AMD CPU architectures called "Cross-Thread Return Address Predictions" was disclosed.{{Cite web |title=oss-sec: Xen Security Advisory 426 v1 (CVE-2022-27672) - x86: Cross-Thread Return Address Predictions |url=https://seclists.org/oss-sec/2023/q1/96 |access-date=2023-02-15 |website=seclists.org |language=en}}

In July 2023 a critical vulnerability in the Zen 2 AMD microarchitecture called Zenbleed was made public.{{Cite web |author1=Paul Alcorn |date=2023-07-24 |title=AMD 'Zenbleed' Bug Allows Data Theft From Zen 2 Processors, Patches Coming |url=https://www.tomshardware.com/news/zenbleed-bug-allows-data-theft-from-amds-zen-2-processors-patches-released |access-date=2023-07-24 |website=Tom's Hardware |language=en}}[https://lock.cmpxchg8b.com/zenbleed.html] AMD released a microcode update to fix it.{{Cite web |date=2023-07-24 |title=Cross-Process Information Leak |url=https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html |access-date=2023-07-27 |website=amd.com}}

In August 2023 a vulnerability in AMD's Zen 1, Zen 2, Zen 3, and Zen 4 microarchitectures called Inception{{Cite web |date=2023-08-08 |title=Return Address Security Bulletin |url=https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html |access-date=2023-08-08 |website=amd.com}}{{Cite web |title=New Inception attack leaks sensitive data from all AMD Zen CPUs |url=https://www.bleepingcomputer.com/news/security/new-inception-attack-leaks-sensitive-data-from-all-amd-zen-cpus/ |access-date=2023-08-09 |website=BleepingComputer |language=en-us}} was revealed and assigned [https://nvd.nist.gov/vuln/detail/CVE-2023-20569 CVE-2023-20569]. According to AMD it is not practical but the company will release a microcode update for the affected products.

Also in August 2023 a new vulnerability called Downfall or Gather Data Sampling was disclosed, affecting Intel CPU Skylake, Cascade Lake, Cooper Lake, Ice Lake, Tiger Lake, Amber Lake, Kaby Lake, Coffee Lake, Whiskey Lake, Comet Lake & Rocket Lake CPU families. Intel will release a microcode update for affected products.

The SLAM{{Cite web |title=SLAM: Spectre based on Linear Address Masking |url=https://www.vusec.net/projects/slam/ |access-date=2023-12-07 |website=vusec |language=en-US}}{{Cite web |title=TLB-Based Side Channel Attack: Security Update |url=https://developer.arm.com/Arm%20Security%20Center/TLB-Based%20Side%20Channel%20Attack |access-date=2023-12-07 |website=developer.arm.com}}{{Cite web |title=oss-sec: SLAM: Spectre based on Linear Address Masking |url=https://seclists.org/oss-sec/2023/q4/260 |access-date=2023-12-07 |website=seclists.org |language=en}}{{Cite web |title=New SLAM attack steals sensitive data from AMD, future Intel CPUs |url=https://www.bleepingcomputer.com/news/security/new-slam-attack-steals-sensitive-data-from-amd-future-intel-cpus/ |access-date=2023-12-07 |website=BleepingComputer |language=en-us}} vulnerability (Spectre based on Linear Address Masking) reported in 2023 neither has received a corresponding CVE, nor has been confirmed or mitigated against.

In March 2024, a variant of Spectre-V1 attack called GhostRace was published.{{Cite web |title=GhostRace |url=https://www.vusec.net/projects/ghostrace/ |access-date=2024-03-12 |website=vusec |language=en-US}} It was claimed it affected all the major microarchitectures and vendors, including Intel, AMD and ARM. It was assigned [https://nvd.nist.gov/vuln/detail/CVE-2024-2193 CVE-2024-2193]. AMD dismissed the vulnerability (calling it "Speculative Race Conditions (SRCs)") claiming that existing mitigations were enough.{{Cite web |date=2024-03-12 |title=Speculative Race Conditions (SRCs) |url=https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html |website=amd.com}} Linux kernel developers chose not to add mitigations citing performance concerns.{{Cite web |title=GhostRace Detailed - Speculative Race Conditions Affecting All Major CPUs / ISAs |url=https://www.phoronix.com/news/CPU-Speculative-GhostRace |access-date=2024-03-12 |website=www.phoronix.com |language=en}} The Xen hypervisor project released patches to mitigate the vulnerability but they are not enabled by default.{{Cite web |title=oss-sec: Xen Security Advisory 453 v1 (CVE-2024-2193) - GhostRace: Speculative Race Conditions |url=https://seclists.org/oss-sec/2024/q1/220 |access-date=2024-03-14 |website=seclists.org |language=en}}

Also in March 2024, a vulnerability in Intel Atom processors called Register File Data Sampling (RFDS) was revealed.{{Cite web |title=Register File Data Sampling |url=https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html |access-date=2024-03-15 |website=Intel |language=en}} It was assigned [https://nvd.nist.gov/vuln/detail/CVE-2023-28746 CVE-2023-28746]. Its mitigations incur a slight performance degradation.{{Cite web |title=The Performance Impact Of Intel's Register File Data Sampling |url=https://www.phoronix.com/review/intel-rfds-performance |access-date=2024-03-15 |website=www.phoronix.com |language=en}}

In April 2024, it was revealed that the BHI vulnerability in certain Intel CPU families could be still exploited in Linux entirely in user space without using any kernel features or root access despite existing mitigations.{{Cite web |title=InSpectre Gadget |url=https://www.vusec.net/projects/native-bhi/ |access-date=2024-04-14 |website=vusec |language=en-US}}{{Cite web |title=oss-security - Xen Security Advisory 456 v2 (CVE-2024-2201) - x86: Native Branch History Injection |url=https://www.openwall.com/lists/oss-security/2024/04/09/15 |access-date=2024-04-14 |website=www.openwall.com}}{{Cite web |title=2268118 – (CVE-2024-2201) CVE-2024-2201 hw: cpu: intel:InSpectre Gadget a residual Attack Surface of Cross-privilege Spectre v2 |url=https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-2201 |access-date=2024-04-14 |website=bugzilla.redhat.com}} Intel recommended "additional software hardening".{{Cite web |title=Branch History Injection and Intra-mode Branch Target Injection |url=https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html |access-date=2024-04-14 |website=Intel |language=en}} The attack was assigned [https://nvd.nist.gov/vuln/detail/CVE-2024-2201 CVE-2024-2201].

In June 2024, Samsung Research and Seoul National University researchers revealed the TikTag attack against the Memory Tagging Extension in ARM v8.5A CPUs. The researchers created PoCs for Google Chrome and the Linux kernel.{{cite arXiv |last1=Kim |first1=Juhee |title=TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution |date=2024-06-12 |eprint=2406.08719 |last2=Park |first2=Jinbum |last3=Roh |first3=Sihyeon |last4=Chung |first4=Jaeyoung |last5=Lee |first5=Youngjoo |last6=Kim |first6=Taesoo |last7=Lee |first7=Byoungyoung|class=cs.CR }}{{Cite web |title='TIKTAG' : The New ARM Attack - SECNORA |url=https://secnora.com/blog/tiktag-the-new-arm-attack/ |access-date=2024-11-16 |website=secnora.com |language=en-US}}{{Cite web |title=New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems |url=https://www.bleepingcomputer.com/news/security/new-arm-tiktag-attack-impacts-google-chrome-linux-systems/ |access-date=2024-11-16 |website=BleepingComputer |language=en-us}}{{Citation |title=compsec-snu/tiktag |date=2024-11-09 |url=https://github.com/compsec-snu/tiktag |access-date=2024-11-16 |publisher=Security Research Lab at Seoul National University (SNU)}} Researchers from VUSec previously revealed ARM's Memory Tagging Extension is vulnerable to speculative probing.{{Cite web |title=Sticky Tags: Efficient and Deterministic Spatial Memory Error Mitigation using Persistent Memory Tags |url=https://www.vusec.net/projects/stickytags/ |access-date=2025-01-14 |website=VUSec |language=en-US}}{{Cite web |title=Arm Memory Tagging Extension: Security Update |url=https://developer.arm.com/Arm%20Security%20Center/Arm%20Memory%20Tagging%20Extension |access-date=2025-01-14 |website=Arm Developer |language=en-us}}

In July 2024, UC San Diego researchers revealed the Indirector attack against Intel Alder Lake and Raptor Lake CPUs leveraging high-precision Branch Target Injection (BTI).{{Cite web |title=Indirector |url=https://indirector.cpusec.org/ |access-date=2024-07-03 |website=indirector.cpusec.org}}{{Cite web |title=Latest Intel CPUs impacted by new Indirector side-channel attack |url=https://www.bleepingcomputer.com/news/security/latest-intel-cpus-impacted-by-new-indirector-side-channel-attack/ |access-date=2024-07-03 |website=BleepingComputer |language=en-us}}{{Cite web |author1=Dallin Grimm |date=2024-07-03 |title=Newer Intel CPUs vulnerable to new "Indirector" attack — Spectre-style attacks risk stealing sensitive data; Intel says no new mitigations required |url=https://www.tomshardware.com/tech-industry/cyber-security/newer-intel-cpus-vulnerable-to-new-indirector-attack-spectre-style-attacks-risk-stealing-sensitive-data-intel-says-no-new-mitigations-required |access-date=2024-07-03 |website=Tom's Hardware |language=en}} Intel downplayed the severity of the vulnerability and claimed the existing mitigations are enough to tackle the issue.{{Cite web |title=INTEL-2024-07-02-001- Indirector |url=https://www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2024-07-02-001.html |access-date=2024-07-03 |website=Intel |language=en}} No CVE was assigned.

In January 2025, Georgia Institute of Technology researchers published two whitepapers on Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and Breaking the Apple M3 CPU via False Load Output Predictions (FLOP).{{Cite web |title=SLAP and FLOP |url=https://predictors.fail/ |access-date=2025-01-29 |website=predictors.fail |language=en}}{{Cite web |title=New Apple CPU side-channel attacks steal data from browsers |url=https://www.bleepingcomputer.com/news/security/new-apple-cpu-side-channel-attack-steals-data-from-browsers/ |access-date=2025-01-29 |website=BleepingComputer |language=en-us}}{{Cite news |last=Claburn |first=Thomas |date=2025-01-29 |title=SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon |url=https://www.theregister.com/2025/01/29/flop_and_slap_attacks_apple_silicon/ |access-date=2025-01-29 |work=The Register}}

Also in January 2025, Arm disclosed a vulnerability ({{CVE|2024-7881|link=no}}) in which an unprivileged context can trigger a data memory-dependent prefetch engine to fetch data from a privileged location, potentially leading to unauthorized access. To mitigate the issue, Arm recommends disabling the affected prefetcher by setting CPUACTLR6_EL1[41].{{Cite web |title=Arm Changing Linux Default To Costly "KPTI" Mitigation For Some Newer CPUs |url=https://www.phoronix.com/news/Arm-Linux-CVE-2024-7881-KPTI |access-date=2025-03-16 |website=www.phoronix.com |language=en}}{{Cite web |title=Documentation – Arm Developer |url=https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881|access-date=2025-03-16 |website=developer.arm.com}}

In May 2025, VUSec released three vulnerabilities extending on Spectre-v2 in various Intel and ARM architectures under the moniker Training Solo.{{Cite web |title=oss-security - Xen Security Advisory 469 v1 - x86: Indirect Target Selection |url=https://www.openwall.com/lists/oss-security/2025/05/12/4 |access-date=2025-05-13 |website=www.openwall.com}}{{Cite web |title=Training Solo |url=https://www.vusec.net/projects/training-solo/ |access-date=2025-05-12 |website=vusec |language=en-US}}{{Cite web |title=Training Solo: New Set Of Serious Security Vulnerabilities Exposed For Intel & Arm CPUs |url=https://www.phoronix.com/news/Training-Solo-Vulnerability |access-date=2025-05-12 |website=www.phoronix.com |language=en}} Mitigations require a microcode update for Intel CPUs and changes in the Linux kernel.

• The history-based attack affects all Intel CPUs with eIBRS, including the latest as of 2025, Intel’s latest generation Lion Cove which features the BHI_NO feature and selected ARM microarchitectures.
• Indirect Target Selection (ITS) ({{CVE|2024-28956|link=no}}) affects Intel Core 9th-11th generations and Intel Xeon 2nd-3rd generations.
• Lion Cove BPU issue ({{CVE|2025-24495|link=no}}) affects the Lion Cove core, Lunar Lake and Arrow Lake.

Also in May 2025, ETH Zurich Computer Security Group "COMSEC" disclosed the Branch Privilege Injection vulnerability affecting all Intel x86 architectures starting from the 9th generation (Coffee Lake Refresh) under {{CVE|2024-45332|link=no}}.{{Cite web |title=Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group |url=https://comsec.ethz.ch/research/microarch/branch-privilege-injection/ |access-date=2025-05-14 |language=en-US}}{{Cite web |title=New Intel CPU flaws leak sensitive data from privileged memory |url=https://www.bleepingcomputer.com/news/security/new-intel-cpu-flaws-leak-sensitive-data-from-privileged-memory/ |access-date=2025-05-14 |website=BleepingComputer |language=en-us}}{{Cite news |title=Intel data-leaking Spectre defenses scared off once again |url=https://www.theregister.com/2025/05/13/intel_spectre_race_condition/ |archive-url=http://web.archive.org/web/20250514073820/https://www.theregister.com/2025/05/13/intel_spectre_race_condition/ |archive-date=2025-05-14 |access-date=2025-05-14 |language=en}} A microcode update is required to mitigate it. It comes with a performance cost up to 8%.

Spectre class vulnerabilities will remain unfixed because otherwise CPU designers will have to disable speculative execution which will entail a massive performance loss.{{Citation needed|date=June 2022}} Despite this, AMD has managed to design Zen 4 such a way its performance is not affected by mitigations.

| rowspan="2" colspan="2" {{No|Microcode + Software recompilation}}

| rowspan="2" {{No|Software recompilation}}

| colspan="2" rowspan="3" {{Yes|Not affected}}

|-

| colspan="2" |Shared Buffers Data Sampling (SBDS)

|{{CVE|2022-21125|link=no}}

|-

| colspan="2" |Device Register Partial Write (DRPW)

|{{CVE|2022-21166|link=no}}

| colspan="4" {{No|Microcode}}

|{{Some|Existing MDS mitigations}}

|-

| rowspan="4" |Branch Type Confusion (BTC){{cite press release|author=AMD|title=AMD CPU Branch Type Confusion|url=https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1037.html|date=July 12, 2022|access-date=2024-03-25}}

| rowspan="2" |{{Vertical text|style=letter-spacing: -0.27em; vertical-align: middle|1=Phantom}}

|BTC-NOBR
BTC-DIR

| rowspan="2" |{{CVE|2022-23825|link=no}}

| colspan="5" rowspan="2" {{Yes|Not affected}}

| colspan="2" {{No|OS/VMM}}

|-

|BTC-IND

| colspan="2" {{Some|Existing Spectre v2 mitigations}}

|-

| rowspan="2" colspan="2" |Retbleed{{Cite web |title=Retbleed: Arbitrary Speculative Code Execution with Return Instructions – Computer Security Group |url=https://comsec.ethz.ch/research/microarch/retbleed/ |access-date=2022-07-12 |language=en-US}}{{Cite web |title=INTEL-SA-00702 |url=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html |access-date=2022-07-13 |website=Intel |language=en}}{{Cite web |title=AMD, Intel chips vulnerable to 'Retbleed' Spectre variant |url=https://www.theregister.com/2022/07/12/amd_intel_retbleed/ |access-date=2022-07-12 |website=www.theregister.com |language=en}}{{Cite web |last=Goodin |first=Dan |date=July 12, 2022 |title=New working speculative execution attack sends Intel and AMD scrambling |url=https://arstechnica.com/information-technology/2022/07/intel-and-amd-cpus-vulnerable-to-a-new-speculative-execution-attack/ |access-date=2022-07-12 |website=Ars Technica |language=en-us}}
BTC-RET

| rowspan="2" |{{CVE|2022-29900|link=no}}
{{CVE|2022-29901|link=no}}

| rowspan="2" colspan="2" {{Yes|Not affected}}

| colspan="2" {{No|OS/VMM}}

| rowspan="2" {{No|OS/VMM}}

| rowspan="2" colspan="2" {{No|OS/VMM /
Software recompilation}}

|-

| colspan="2" {{Yes|Not affected{{efn|name=stepWCofL}}}}

|-

| colspan="3" |Cross-Thread Return Address Predictions{{Cite web |date=February 14, 2022 |title=Cross-Thread Return Address Predictions {{!}} AMD |url=https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1045.html |access-date=2023-08-11}}{{Cite web |title=[FYI PATCH 0/3] Cross-Thread Return Address Predictions vulnerability [LWN.net] |url=https://lwn.net/ml/linux-kernel/20230214170615.1297202-1-pbonzini@redhat.com/ |access-date=2023-02-14 |website=lwn.net}}

|{{CVE|2022-27672|link=no}}

| colspan="5" {{Yes|Not affected}} || colspan="2" {{No|OS/VMM}}

|-

| colspan="3" |Zenbleed{{Cite web |title=security-research/pocs/cpus/zenbleed at master · google/security-research |url=https://github.com/google/security-research/tree/master/pocs/cpus/zenbleed |access-date=2023-07-27 |website=GitHub |language=en}}
Cross-Process Information Leak{{Cite web |title=AMD: Information Leak in Zen 2 |url=https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8 |access-date=2023-07-27 |website=GitHub |language=en}}{{Cite web |title=Cross-Process Information Leak |url=https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html |access-date=2023-07-27 |website=AMD}}

|{{CVE|2023-20593|link=no}}

| colspan="6" {{Yes|Not affected}} || {{No|Microcode}}

|-

| colspan="3" |Inception{{Cite web |title=Inception: how a simple XOR can cause a Microarchitectural Stack Overflow |url=https://comsec.ethz.ch/research/microarch/inception/ |access-date=2023-09-15 |website=Computer Security Group |language=en-US}}{{Cite web |title=oss-security - Xen Security Advisory 434 v1 (CVE-2023-20569) - x86/AMD: Speculative Return Stack Overflow |url=https://www.openwall.com/lists/oss-security/2023/08/08/4 |access-date=2023-09-15 |website=www.openwall.com}}
Speculative Return Stack Overflow (SRSO)

|{{CVE|2023-20569|link=no}}

| colspan="5" {{Yes|Not affected}} || colspan="2" {{No|OS/VMM}}

|-

| colspan="3" |Downfall{{Cite web |title=Downfall |url=https://downfall.page/ |access-date=2023-08-09 |website=Downfall Attacks |language=en-US}}{{Cite web |title=Downfall and Zenbleed: Googlers helping secure the ecosystem |url=https://security.googleblog.com/2023/08/downfall-and-zenbleed-googlers-helping.html |access-date=2023-08-09 |website=Google Online Security Blog |language=en}}
Gather Data Sampling (GDS){{Cite web |title=Gather Data Sampling |url=https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html |access-date=2023-08-09 |website=Intel |language=en}}

|{{CVE|2022-40982|link=no}}

| colspan="5" {{No|Microcode}} || colspan="2" {{Yes|Not affected}}

|}

* Various CPU microarchitectures not included above are also affected, among them are ARM, IBM Power, MIPS and others.{{Cite web|title=Meltdown and Spectre Status Page|url=https://wiki.netbsd.org/security/meltdown_spectre/|access-date=2019-09-29|website=wiki.netbsd.org}}{{Cite web|last=Ltd|first=Arm|title=Speculative Processor Vulnerability {{!}} Cache Speculation Issues Update|url=https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/latest-updates/cache-speculation-issues-update|access-date=2019-09-29|website=ARM Developer|language=en}}{{Cite web|title=About speculative execution vulnerabilities in ARM-based and Intel CPUs|url=https://support.apple.com/en-us/HT208394|access-date=2019-09-29|website=Apple Support|date=May 31, 2018 |language=en}}{{Cite web|date=May 14, 2019|title=Potential Impact on Processors in the POWER Family|url=https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/|access-date=2019-09-29|website=IBM PSIRT Blog|language=en-US}} Vulnerabilities starting with SLAM are not included in the table. It only exists as historical evidence because it doesn't include newer AMD and Intel x86 architectures.

** The 8th generation Coffee Lake architecture in this table also applies to a wide range of previously released Intel CPUs, not limited to the architectures based on Intel Core, Pentium 4 and Intel Atom starting with Silvermont.{{cite web|url=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00088.html|title=INTEL-SA-00088|website=Intel|language=en|access-date=2018-09-01}}{{cite web|url=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html|title=INTEL-SA-00115|website=Intel|language=en|access-date=2018-09-01}}

{{notelist}}

{{Reflist}}

• [https://docs.kernel.org/admin-guide/hw-vuln/ Linux kernel docs: Hardware vulnerabilities]
• {{GitHub|speed47/spectre-meltdown-checker}}
• [https://web.archive.org/web/20250116121333/https://vuls.cert.org/confluence/display/Wiki/Vulnerabilities+Associated+with+CPU+Speculative+Execution Vulnerabilities associated with CPU speculative execution]
• [https://arxiv.org/abs/1811.05441 A systematic evaluation of transient execution attacks and defenses]
• [https://transient.fail/ A dynamic tree of transient execution vulnerabilities for Intel, AMD and ARM CPUs]
• [https://gruss.cc/files/sibenik2019_transient.pdf Transient Execution Attacks by Daniel Gruss, June 20, 2019]
• [https://wiki.osdev.org/CPU_Bugs CPU Bugs]
• [https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/refined-speculative-execution-terminology.html Intel: Refined Speculative Execution Terminology]

{{Speculative execution exploits}}

{{Hacking in the 2010s}}

Category:Computer security exploits

Category:Hardware bugs

Category:Side-channel attacks