lconstantin
CSO Senior Writer

39 hardware vulnerabilities: A guide to the threats

Feature
15 Jul 2024, 21 mins
Security, Vulnerabilities

Meltdown and Spectre raised the alarm over vulnerabilities that attackers can exploit in popular hardware. This list, though not comprehensive, presents the most significant CPU and DRAM threats.


In January 2018, the entire computer industry was put on alert by two new processor vulnerabilities dubbed Meltdown and Spectre that defeated the fundamental OS security boundaries separating kernel and user space memory. The flaws stemmed from a performance feature of modern CPUs known as speculative execution and mitigating them required one of the biggest patch coordination efforts in history, involving CPU makers, device manufacturers and operating system vendors.

Meltdown and Spectre were certainly not the first vulnerabilities to result from a hardware design decision, but their widespread impact sparked the interest of the security research community into such flaws. Since then, many researchers, both from academia and the private sector, have been studying the low-level operation of CPUs and other hardware components and have been uncovering more and more issues.

Some hardware vulnerabilities are impossible to mitigate completely without releasing a new generation of components, while others can be fixed in firmware, the low-level programming present in hardware chips. In either case, patching is not straightforward, so such flaws can continue to impact real world devices for a very long time.

Here are some of the most significant CPU and DRAM vulnerabilities, discovered both before and after Meltdown.

CPU side-channel attacks 

  1. Spectre variant 1
  2. Spectre variant 2
  3. Meltdown variant 3
  4. Meltdown-GP
  5. Meltdown-NM
  6. Spectre-NG
  7. Spectre-PHT
  8. Meltdown-RW
  9. Foreshadow-OS
  10. Foreshadow-VMM
  11. Foreshadow-SGX
  12. Meltdown-PK and Meltdown-BND
  13. Spectre-PHT-CA-OP, Spectre-PHT-CA-IP and Spectre-PHT-SA-OP
  14. Spectre-BTB-SA-IP and Spectre-BTB-SA-OP
  15. Fallout
  16. RIDL
  17. Zombieload
  18. Starbleed
  19. PLATYPUS
  20. SRBDS
  21. Spectre-BHI
  22. Retbleed
  23. Hertzbleed
  24. SQUIP
  25. Zenbleed
  26. Downfall
  27. Reptar
  28. Inception
  29. SLAM
  30. GhostRace
  31. TikTag
  32. Indirector

Spectre variant 1 (CVE-2017-5753)

Also known as bounds check bypass, CVE-2017-5753 allows attackers to exploit the branch prediction feature of modern CPUs to extract information from the memory of other processes by using the CPU cache as a side channel. It allows one process to extract sensitive information from the memory of another process but could also bypass the user/kernel memory privilege boundary. The vulnerability affects Intel, IBM, and a limited number of ARM CPUs.

Spectre variant 2 (CVE-2017-5715)

Spectre variant 2 has the same impact as variant 1 but uses a different exploitation technique called branch target injection. Mitigating this variant of Spectre efficiently requires updates to the affected CPU microcode, which can be applied either through BIOS/UEFI updates or by the operating system at every reboot.

Meltdown variant 3 (CVE-2017-5754)

Also known as Rogue Data Cache Load (RDCL) or variant 3 of the CPU speculative execution flaws, Meltdown is a vulnerability that leverages the out-of-order execution capabilities of modern Intel CPUs. It allows a user process to read protected kernel memory across security boundaries. The fix only requires operating system updates and involves enforcing stricter isolation of the kernel memory, which typically contains sensitive secrets, through mechanisms such as Linux’s kernel page-table isolation (KPTI).

Meltdown-GP (CVE-2018-3640)

A variant of Meltdown, or variant 3a, it uses speculative reads of system registers to achieve side-channel leaks of information. Because of this, it is also known as Rogue System Register Read (RSRE). Mitigation requires microcode updates.

Meltdown-NM (CVE-2018-3665)

A speculative execution flaw related to Meltdown that’s also known as LazyFP and can be used to leak the state of the floating-point unit (FPU) — a specialized math coprocessor present in Intel’s modern CPUs that’s used to accelerate mathematical operations on floating point numbers. The FPU state can contain sensitive information from cryptographic operations. This vulnerability can be mitigated by enforcing “eager” instead of “lazy” FPU context switching at the operating system level.

Spectre-NG (CVE-2018-3639)

Also known as Spectre variant 4, or Speculative Store Bypass (SSB), this is a Spectre variant that allows performing memory reads before prior memory write addresses are known and can be used to leak cross-process information. Mitigation requires both microcode and OS updates.

Spectre-PHT (CVE-2018-3693)

Also known as Spectre 1.1, this is a variant of Spectre that leverages speculative stores to create speculative buffer overflows. It allowed bypassing some of the previous software-based mitigations for Spectre and requires OS updates.

Meltdown-RW 

Also known as Spectre 1.2, this is a variant that leverages speculative stores to overwrite read-only data and code pointers. This variant can be used to breach software sandboxes and is related to Spectre 1.1. Mitigation required OS updates.

Foreshadow-OS (CVE-2018-3620)

Also known as L1 Terminal Fault, Foreshadow is a speculative execution attack against Intel CPUs that allows extracting information from the processor’s L1 data cache. This is particularly sensitive in the context of virtual machines which split the same physical CPU into multiple virtual CPUs, because those virtual CPUs use the same L1 cache. This variant allows attackers to extract information from the OS or SMM (system management mode), an alternate mode of CPU operation that is separate from the operating system and is designed to be used by BIOS/UEFI or low-level OEM code.

Foreshadow-VMM (CVE-2018-3646)

A variant of Foreshadow that affects virtual machines and allows a guest operating system running inside a VM to potentially read sensitive memory from other guest VMs or the hypervisor itself.

Foreshadow-SGX (CVE-2018-3615)

A variant of Foreshadow that allows attackers to read the memory of Intel Software Guard Extensions (SGX) enclaves. SGX is a trusted execution environment provided by some Intel CPUs that allows developers to store data and execute code securely, even if the operating system itself has been compromised.

Meltdown-PK and Meltdown-BND

Meltdown-PK (Protection Key Bypass) and Meltdown-BND (Bounds Check Bypass) are two variants of Meltdown presented in November 2018 by a team of academic researchers as part of a larger evaluation of transient execution attacks. Meltdown-PK affects Intel CPUs while Meltdown-BND affects both Intel and AMD.

Spectre-PHT-CA-OP, Spectre-PHT-CA-IP and Spectre-PHT-SA-OP

These are variants of Spectre that leverage the CPU’s Pattern History Table (PHT). They were disclosed at the same time as Meltdown-PK and Meltdown-BND by the same team.

Spectre-BTB-SA-IP and Spectre-BTB-SA-OP 

These are variants of the Spectre attack that leverage the Branch Target Buffer (BTB). They were disclosed in November 2018 by the same team who found Meltdown-PK and Meltdown-BND. The team concluded at the time that “most defenses, including deployed ones, cannot fully mitigate all attack variants.”

Fallout (CVE-2018-12126)

Fallout, also known as microarchitectural store buffer data sampling (MSBDS), is a vulnerability whose effects are similar to Meltdown in that it can be used to leak sensitive secrets from protected memory regions across security boundaries. It is part of a new class of side-channel attacks against CPUs that Intel calls Microarchitectural Data Sampling (MDS). The flaw affects both operating systems and hypervisors and mitigation requires CPU microcode updates.

RIDL (CVE-2018-12127 and CVE-2018-12130)

Another two variants of MDS attacks known as microarchitectural load port data sampling (MLPDS) and microarchitectural fill buffer data sampling (MFBDS). Like Fallout, mitigation requires CPU microcode updates.

Zombieload (CVE-2019-11091)

A fourth variant of MDS attacks known as microarchitectural data sampling uncacheable memory (MDSUM). Like Fallout and RIDL, it can be used to leak sensitive kernel or hypervisor memory.

Starbleed

Starbleed is a design flaw in the bitstream encryption process of field-programmable gate arrays (FPGAs) made by Xilinx. Unlike CPUs, which come with predetermined general-purpose instructions fit for most computing tasks, FPGAs are integrated circuits whose logic is programmable by the customer. They’re usually configured to perform one specific task more efficiently than general-purpose CPUs and are widely used for mission- or safety-critical applications in sectors such as aerospace, finance, and the military.

Configuration files loaded by customers onto FPGAs are called bitstreams, and FPGA manufacturers, like Xilinx, which controls around 50% of the FPGA market, have added encryption and bitstream validation mechanisms to protect customers’ intellectual property and other secrets deployed FPGAs might contain. Researchers from Horst Goertz Institute for IT Security at Ruhr University Bochum in Germany found a design flaw in the bitstream security mechanism of Xilinx 7-Series and Virtex-6 FPGAs that allows an attacker to decrypt bitstreams and modify them.

To pull off the Starbleed attack, hackers need access to a hardware configuration interface on the FPGA, which normally requires physical access to the device. But some FPGAs are programmed and reprogrammed through separate microcontrollers, which can be connected to a network, in which case an attack could be executed remotely.

The design flaw cannot be patched because it exists in the silicon, so it will be corrected in future generations of Xilinx FPGAs. The company was notified of the vulnerability before the paper was published and has sent an advisory to customers.

PLATYPUS

PLATYPUS is a side-channel attack that abuses the running average power limit (RAPL) interface that measures CPU power consumption and is present in all Intel CPUs developed since 2011 (Sandy Bridge). It is the first differential power analysis attack that can be executed remotely and used to leak secrets such as encryption keys from the Linux kernel memory and Intel SGX secure enclaves.

The attack was announced in November 2020 and was devised by a team of researchers from the Graz University of Technology, the University of Birmingham in the UK, and the CISPA Helmholtz Center for Information Security. The Linux kernel developers patched the vulnerabilities, which are tracked as CVE-2020-8694 and CVE-2020-8695, by preventing unprivileged applications from accessing the RAPL energy consumption data.

However, this does not address the privileged attack vector against Intel SGX, a trusted execution environment (TEE) built into the CPU that’s supposed to keep sensitive cryptographic data secure even in the case of a complete OS compromise. To address this, users have to deploy CPU microcode updates released by Intel.

While the researchers tested and confirmed their attack on Intel CPUs, they warned that CPUs from other chip makers including AMD, Nvidia and ARM also have on-board energy meters that are accessible and could be vulnerable to a variation of this attack.

SRBDS (CVE-2020-0543)

SRBDS (Special Register Buffer Data Sampling) is an attack technique developed by researchers at VU Amsterdam in 2020 that demonstrates the possibility of speculative execution attacks that leak data through side-channels across CPU cores. Previously, such attacks and their mitigations assumed the attacker and victim share the same CPU core because internal CPU buffers used to leak data are shared by the hyperthreads running on the same CPU core.

But the researchers found that some instructions can read data from a staging buffer shared between all CPU cores, expanding the attack surface of known and previously mitigated speculative execution attacks such as RIDL (CVE-2018-12127 and CVE-2018-12130). The team developed a tool called CrossTalk to examine the behavior of all x86 instructions in different contexts to determine when they make offcore memory requests and then used the new attack technique to leak the random number generator (RNG) output used by Intel SGX secure enclaves from the staging buffer. With this RNG output they were able to leak the ECDSA private key of an Intel SGX enclave running on a separate CPU core after the key was used to perform a single digital signature operation.

Intel released CPU microcode updates that mitigate the vulnerability for critical instructions such as RDRAND, RDSEED, and EGETKEY by locking the entire memory bus until the staging buffer is cleared. This operation adds a significant performance overhead, which is why it was only introduced for certain instructions.

Spectre-BHI (CVE-2022-0001, CVE-2022-0002 and CVE-2022-23960)

Spectre-BHI (Branch History Injection) or Spectre-BHB (Branch History Buffer), is an attack disclosed in March 2022 by researchers from VU Amsterdam that’s a variation of the original Spectre v2 or Spectre-BTI (Branch Target Injection) attack and impacts Intel and ARM CPUs. Like Spectre-BTI, the new attack variation can leak sensitive information from the kernel’s memory but does so by poisoning the global history of the CPU predictor, which bypasses the hardware defenses introduced by CPU vendors.

By exploiting the original Spectre v2 flaw attackers could actually inject target code locations and then trick the kernel to execute that code, but with the new Spectre-BHI attack, they have to leverage code gadgets and snippets that already exist in the history because they were executed in the past and which might leak interesting data. This makes Spectre-BHI exploitation harder, but the technique shows the Spectre attack surface is larger than previously believed.

To demonstrate the attack, the researchers abused eBPF, a technology available in Linux since kernel 4.4 that allows the execution of sandboxed programs inside the kernel. If enabled, this mechanism makes it very easy to exploit speculative execution issues like Spectre-BHI on Linux, but disabling it does not completely mitigate the issue, as other gadgets can be found to leak data.

Retbleed (CVE-2022-29901 and CVE-2022-29900)

Retbleed is an attack technique disclosed in July 2022 by researchers from ETH Zurich that exploits the speculative execution feature of Intel and AMD CPUs and circumvents software defenses OSes put in place to prevent previous exploits such as Spectre.

The original 2018 Spectre attacks triggered branch target speculation by using indirect jumps or calls, at which time Google researchers proposed a software defense mechanism called retpoline to replace indirect jumps and calls in software with return instructions. Returns were believed to be impractical to exploit because they normally don’t trigger speculative execution, but Retbleed proves they can under certain conditions, such as when executing deep call stacks to underflow the return stack buffer. The researchers demonstrated their attack on Linux, where they found over 1,000 conditions that could allow for this.

Intel refers to Retbleed as Return Stack Buffer Underflow (RSBU) and said that systems that use its hardware mitigations, namely indirect branch restricted speculation (IBRS) or enhanced IBRS (eIBRS), are protected against the attack. Only systems that rely solely on the retpoline software mitigation for performance reasons, or which use older CPUs that don’t have the hardware mitigation, are impacted. AMD considers the attack part of a larger class of microarchitectural misbehavior dubbed Branch Type Confusion (CVE-2022-23825).

Hertzbleed (CVE-2022-23823 and CVE-2022-24436)

Hertzbleed is a new family of side-channel attacks affecting Intel, AMD and possibly ARM CPUs that was disclosed in June 2022 by a team of academic researchers from University of Texas at Austin, University of Illinois Urbana-Champaign and University of Washington. It stems from dynamic frequency scaling, a feature in modern CPUs that is used to reduce power consumption and ensure the CPU stays below thermal and power limits. The researchers who discovered the attack show that different computations can use different CPU frequencies depending on the data that’s being processed.

Power analysis attacks are not new, but they are typically local and require some sort of power measurement interface in order to monitor differences between computations and infer details about what’s being processed. This side-channel technique has been used before to leak cryptographic secrets such as keys.

Hertzbleed, however, shows that frequency scaling generates timing differences in computations and these can be observed even remotely without any power measurement interface. The novelty is that Hertzbleed works even against so-called constant time cryptographic implementations that were intentionally designed to prevent leaking information through timing analysis.

The researchers used Hertzbleed to implement a novel chosen-ciphertext attack against SIKE (Supersingular Isogeny Key Encapsulation), a post-quantum key encapsulation mechanism that is also a NIST competition finalist and is implemented as constant time. The team was able to perform a full key extraction via remote timing.

Intel published guidance for developers of cryptographic libraries to mitigate Hertzbleed using software countermeasures. Another possible mitigation is to disable “Turbo Boost” at runtime on the system, but this has a significant system-wide performance impact.

SQUIP (CVE-2021-46778)

SQUIP is a side channel attack and vulnerability impacting AMD CPUs that was disclosed in August 2022. The attack was devised by researchers from Lamarr Security Research, Graz University of Technology, and Georgia Institute of Technology, and it exploits scheduler queues used during simultaneous multithreading (SMT) operations to schedule instructions that will be executed in CPUs. By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information, AMD said.

Zenbleed (CVE-2023-20593)

Zenbleed is a vulnerability patched in July 2023 in the Zen 2 family of AMD CPUs. The flaw was found by security researchers from Google and is described as a use-after-free memory vulnerability, but for CPUs. It’s caused by incorrectly implemented speculative execution of the SIMD Zeroupper instruction and can allow attackers to leak stale data from physical hardware registers. Such data can include sensitive information such as passwords or encryption keys.

Downfall (CVE-2022-40982)

Downfall, technically called Gather Data Sampling (GDS) by Intel, is a transient execution vulnerability disclosed in August 2023 that impacts multiple generations of Intel CPUs. Found by security researchers from Google, the flaw is similar to Zenbleed in that it allows attackers to leak sensitive data belonging to other processes and users sharing the same CPU core because stale data stored in physical hardware registers as a result of speculative execution is forwarded to subsequent instructions. The data can be extracted using techniques similar to those used by Meltdown. The flaw also impacts the security of Intel’s Software Guard Extensions (SGX) security subsystem.

Reptar (CVE-2023-23583)

Reptar is a third CPU vulnerability found by Google security researchers last year and was patched in November 2023. It impacts Intel CPUs that support a new feature called fast short repeat move (FSRM) and can result in privilege escalation. The flaw is caused by the CPU microcode not ignoring redundant instruction prefixes when FSRM is active and interpreting them in weird ways.

Inception (CVE-2023-20569)

Inception is a vulnerability in AMD CPUs found by researchers from ETH Zurich and disclosed in August 2023 that can lead to sensitive information disclosure. Inception is a new type of speculative execution attack that hijacks the transient control-flow of return instructions and allows attackers to insert new predictions into the CPU branch predictor at an attacker-controlled address register.

SLAM

Spectre based on Linear Address Masking (SLAM) is a proof-of-concept attack technique devised by researchers from Vrije Universiteit Amsterdam that shows how previously unexplored Spectre gadgets could be exploited on upcoming AMD, Intel, and ARM CPUs that implement linear address masking, a new security feature planned by CPU vendors: Intel’s Linear Address Masking (LAM), AMD’s Upper Address Ignore (UAI), and ARM’s Top Byte Ignore (TBI). SLAM is notable for being the first speculative execution attack targeting CPU features that were announced but not yet released.

GhostRace (CVE-2024-2193)

GhostRace is a new type of CPU attack disclosed in March 2024 by researchers from Vrije Universiteit Amsterdam that takes advantage of race conditions on speculatively executed code paths. The research shows that synchronization primitives implemented using conditional branches at the OS level can be bypassed on speculative paths using a Spectre v1 attack, potentially allowing for information leaks from targeted software.

TikTag

TikTag is an attack that leverages speculative execution to bypass a new security feature in ARM CPUs called the Arm Memory Tagging Extension (MTE). This feature, when used by operating systems, makes it harder to exploit out-of-bounds memory violations such as buffer overflows that can lead to arbitrary code execution. The TikTag attack was developed by a team of researchers from Seoul National University, Samsung Research and Georgia Institute of Technology and was described in a research paper in June 2024. Separately, researchers from Vrije Universiteit Amsterdam had already shown that MTE is vulnerable to speculative execution probing with an attack they dubbed Spectre-MTE and proposed a mitigation called StickyTags.

Indirector

Indirector is a new speculative execution attack that is a variation of Spectre v2 and was disclosed in July 2024. The attack, developed by researchers from the University of California San Diego, exploits the indirect branch predictor (IBP) and the branch target buffer (BTB) in high-end Intel CPUs (Raptor Lake and Alder Lake) to perform precise branch target injections and leak sensitive data across processes and privilege levels.
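Many of the CPU flaws above are reported by the Linux kernel through the files under /sys/devices/system/cpu/vulnerabilities, which is the quickest way for a defender to check whether KPTI, microcode, eIBRS and similar mitigations are actually active on a host. The following script is an added example and not part of the article: it maps those sysfs entries to the names used above and flags what still needs attention. The sysfs file names and status-line formats are the kernel's; the mapping to article names and the sample statuses are ours.

```python
"""Summarize Linux sysfs mitigation status for the CPU flaws listed above."""
import tempfile
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# sysfs file name -> the threat(s) in this article it corresponds to (our mapping)
ARTICLE_NAMES = {
    "spectre_v1": "Spectre variant 1",
    "spectre_v2": "Spectre variant 2 / Spectre-BHI / Indirector",
    "meltdown": "Meltdown variant 3 (mitigated by KPTI)",
    "spec_store_bypass": "Spectre-NG (Speculative Store Bypass)",
    "l1tf": "Foreshadow (L1 Terminal Fault)",
    "mds": "Fallout / RIDL / Zombieload (MDS)",
    "srbds": "SRBDS",
    "retbleed": "Retbleed",
    "gather_data_sampling": "Downfall (GDS)",
    "spec_rstack_overflow": "Inception",
}

def classify(status: str) -> str:
    """Reduce a kernel status line to one state. The kernel writes
    'Not affected', 'Mitigation: ...', 'Vulnerable' / 'Vulnerable: ...'
    or 'Unknown: ...' (e.g. GDS when it depends on the hypervisor)."""
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s == "Vulnerable" or s.startswith("Vulnerable:"):
        return "vulnerable"
    return "unknown"

def scan(sysfs_dir: Path = SYSFS_DIR) -> dict:
    """Read each entry. A missing file means the running kernel does not
    report that flaw at all (usually it predates the fix); flag it too."""
    result = {}
    for name, label in ARTICLE_NAMES.items():
        path = sysfs_dir / name
        if not path.exists():
            result[name] = {"label": label, "state": "not_reported", "status": ""}
            continue
        status = path.read_text().strip()
        result[name] = {"label": label, "state": classify(status), "status": status}
    return result

def needs_attention(scan_result: dict) -> list:
    """Entries that are vulnerable, unknown, or not reported by the kernel."""
    return sorted(n for n, r in scan_result.items()
                  if r["state"] not in ("mitigated", "not_affected"))

# Constructed sample (not captured from a real host) so the block runs offline.
# spectre_v2 shows the unprivileged-eBPF case discussed under Spectre-BHI.
SAMPLE = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Vulnerable: eIBRS with unprivileged eBPF",
    "meltdown": "Mitigation: PTI",
    "spec_store_bypass": "Mitigation: Speculative Store Bypass disabled via prctl",
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "mds": "Mitigation: Clear CPU buffers; SMT vulnerable",
    "srbds": "Mitigation: Microcode",
    "retbleed": "Mitigation: Enhanced IBRS",
    "gather_data_sampling": "Vulnerable: No microcode",
    # spec_rstack_overflow deliberately omitted: simulates an older kernel
}

def demo() -> dict:
    """Write the constructed sample into a temp dir and scan it as sysfs."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for name, status in SAMPLE.items():
            (d / name).write_text(status + "\n")
        return scan(d)

if __name__ == "__main__":
    report = scan() if SYSFS_DIR.is_dir() else demo()
    for name, r in report.items():
        print(f"{r['state']:<13} {name:<22} {r['label']}: {r['status']}")
    print("needs attention:", needs_attention(report))
```

On a real host the script reads the live sysfs directory; on any other system it falls back to the constructed sample.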

DRAM memory attacks

  1. Rowhammer
  2. Rowhammer.js
  3. Drammer
  4. Flip Feng Shui
  5. ECCploit
  6. Throwhammer
  7. RAMBleed

Rowhammer

Rowhammer is a physical effect with security implications that occurs inside SDRAM chips when the same physical row of memory cells is read a large number of times in rapid succession — an action dubbed hammering. This can cause electric charges from cells in the hammered row to leak into adjacent rows, modifying the value of the cells in those rows. This is known as bit flipping and is possible because of the increased cell density of modern SDRAM chips, particularly DDR3 and DDR4.

While the Rowhammer effect has been known or documented for a long time, members of Google’s Project Zero team were the first to prove it can have security implications in March 2015 when they revealed two privilege escalation exploits based on it.

Rowhammer.js

Rowhammer.js was an implementation of the Rowhammer attack via JavaScript, proving that this flaw can be exploited remotely through the browser, simply by visiting a malicious web page. Browser vendors have added mitigations against this exploit.

Drammer (CVE-2016-6728)

Drammer is a Rowhammer-type exploit demonstrated in 2016 against Android devices. Until then the memory chips in mobile devices were thought to be unaffected.

Flip Feng Shui

An implementation of the Rowhammer attack against virtual machines, where a malicious guest VM can flip bits in the physical memory affecting a different virtual machine in a controlled manner. The researchers demonstrated this by breaking the OpenSSH public key authentication in the target VM.

ECCploit 

ECCploit is an attack that demonstrates that Rowhammer-type attacks can work even against SDRAM chips that have error-correcting code (ECC) capabilities. This type of memory, which is typically used in servers, was thought to be immune to Rowhammer.

Throwhammer

A Rowhammer attack that can be exploited over a network by leveraging the remote direct memory access (RDMA) feature present in fast network cards like those used in servers.

RAMBleed

RAMBleed is the first attack that has shown it is possible to use the Rowhammer effect to steal data from memory cells instead of simply modifying them. Previous Rowhammer attacks compromised memory integrity through bit flips, which could lead to privilege escalation and other conditions. RAMBleed, by contrast, uses row hammering and a side channel in order to infer information about and ultimately extract data from adjacent memory cells. In that respect it is similar in effect to Meltdown and Spectre.

Editor’s note: This article, originally published in July 2019 and amended in August 2022, has been updated to include new vulnerabilities as they come to light.
