2022/05/07 更新
Affected Processors: Transient Execution Attacks & Related Security...
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
Guidance for System Administrators to Mitigate Transient Execution...
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/sysadmin-guidance-transient-execution-side-channel.html
Loading Microcode from the OS
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/loading-microcode-os.html
Security Best Practices for Side Channel Resistance
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/security-best-practices-side-channel-resistance.html
Guidelines for Mitigating Timing Side Channels Against Cryptographic...
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/mitigate-timing-side-channel-crypto-implementation.html
How to Assess the Risk of Your Application
https://www.intel.com/content/www/us/en/developer/articles/training/software-security-guidance/secure-coding/how-assess-risk-your-application.html
CPUID Enumeration and Architectural MSRs
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/cpuid-enumeration-and-architectural-msrs.html
Indirect Branch Restricted Speculation
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/indirect-branch-restricted-speculation.html
Single Thread Indirect Branch Predictors
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/single-thread-indirect-branch-predictors.html
Indirect Branch Predictor Barrier
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/indirect-branch-predictor-barrier.html
Analyzing Potential Bounds Check Bypass Vulnerabilities
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/analyzing-bounds-check-bypass-vulnerabilities.html
Spectre mitigations in MSVC - C++ Team Blog
https://devblogs.microsoft.com/cppblog/spectre-mitigations-in-msvc/
Mitigating Spectre variant 2 with Retpoline on Windows - Microsoft Tech Community
https://techcommunity.microsoft.com/t5/windows-kernel-internals-blog/mitigating-spectre-variant-2-with-retpoline-on-windows/ba-p/295618
Retpoline: A Branch Target Injection Mitigation
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/retpoline-branch-target-injection-mitigation.html
Meltdown (security vulnerability) - Wikipedia
https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)
Kernel page-table isolation - Wikipedia
https://en.wikipedia.org/wiki/Kernel_page-table_isolation
KVA Shadow: Mitigating Meltdown on Windows – Microsoft Security Response Center
https://msrc-blog.microsoft.com/2018/03/23/kva-shadow-mitigating-meltdown-on-windows/
Rogue System Register Read / CVE-2018-3640 / INTEL-SA-00115
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/rogue-system-register-read.html
Speculative Store Bypass / CVE-2018-3639 / INTEL-SA-00115
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/speculative-store-bypass.html
Analysis and mitigation of speculative store bypass (CVE-2018-3639) – Microsoft Security Response Center
https://msrc-blog.microsoft.com/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/
Foreshadow - Wikipedia
https://en.wikipedia.org/wiki/Foreshadow
L1 Terminal Fault
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/intel-analysis-l1-terminal-fault.html
Microarchitectural Data Sampling - Wikipedia
https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling
Microarchitectural Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/intel-analysis-microarchitectural-data-sampling.html
Intel® Transactional Synchronization Extensions (Intel® TSX)...
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/intel-tsx-asynchronous-abort.html
Speculative Behavior of SWAPGS and Segment Registers
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/speculative-behavior-swapgs-and-segment-registers.html
Spoiler (security vulnerability) - Wikipedia
https://en.wikipedia.org/wiki/Spoiler_(security_vulnerability)
More Information on Spoiler
https://www.intel.com/content/www/us/en/developer/articles/news/more-information-spoiler.html
CPUの新たな脆弱性 SPOILERの論文を読む - FPGA開発日記
https://msyksphinz.hatenablog.com/entry/2019/03/11/040000
INTEL-SA-00145
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
Lazy FPU Save/Restore (CVE-2018-3665) - Red Hat Customer Portal
https://access.redhat.com/ja/solutions/3489521
NetBSD 8.0がSpectre V2/V4、Meltdown、Lazy FPUの軽減などを提供
https://www.infoq.com/jp/news/2018/07/netbsd-8-released/
まさみさん⋈語りたいさんはTwitterを使っています:
「Linuxは3.7以降ならeagerfpu=onのブートパラメタで回避可能だし、
4.6以降はデフォルトでeagerfpu有効。
lazyfpuは殆どパフォーマンス的に意味がなかったらしい。
https://t.co/6BqBFDPYrt
コミット。 https://t.co/amgTkvEo9d」
/ Twitter https://twitter.com/mhiramat/status/1007528520208211970
Cyberus Technology - Intel LazyFP vulnerability: Exploiting lazy FPU state switching
https://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html
x86/fpu: Hard-disable lazy FPU mode · torvalds/linux@ca6938a
https://github.com/torvalds/linux/commit/ca6938a1cd8a1c5e861a99b67f84ac166fc2b9e7#diff-6a01d6e7c8d7d23cfa48026e616275e8
うー@技術書典8Day1う31さんはTwitterを使っています:
「逆アセンブルして覗いてみると、AVXレジスタを用いた
mov命令なんて知らなかったなー、みたいな気持ちになる。」
/ Twitter https://twitter.com/uchan_nos/status/1158192868080513024
とみながたけひろさんはTwitterを使っています:
「@uchan_nos このせいで最近はFPU lazy context switchとかが
全然メリットにならないというかむしろ遅くなったりするんですよねえ」
/ Twitter https://twitter.com/takehiro_t/status/1158335098564956160
CacheOut
https://cacheoutattack.com/
L1D Eviction Sampling / CVE-2020-0549 / INTEL-SA-00329
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/l1d-eviction-sampling.html
Processors Affected: L1D Eviction Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-l1d-eviction-sampling.html
Vector Register Sampling / CVE-2020-0548 , CVE 2020-8696 /...
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/vector-register-sampling.html
Processors Affected: Vector Register Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-vector-register-sampling.html
LVI: Hijacking Transient Execution with Load Value Injection
https://lviattack.eu/
An Optimized Mitigation Approach for Load Value Injection
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/optimized-mitigation-approach-load-value-injection.html
Load Value Injection
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/load-value-injection.html
Processors Affected: Load Value Injection
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-load-value-injection.html
Snoop-assisted L1 Data Sampling / CVE-2020-0550 / INTEL-SA-00330
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/snoop-assisted-l1-data-sampling.html
Snoop-Assisted L1 Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/snoop-assisted-l1-data-sampling.html
Processors Affected: Snoop-assisted L1 Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-snoop-assisted-l1d-sampling.html
Special Register Buffer Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/special-register-buffer-data-sampling.html
SRBDS Mitigation Impact on Intel® Secure Key
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/srbds-mitigation-impact-intel-secure-key.html
Processors Affected: Special Register Buffer Data Sampling
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/resources/processors-affected-srbds.html
PLATYPUS: With Great Power comes Great Leakage
https://platypusattack.com/
Running Average Power Limit Energy Reporting CVE-2020-8694,...
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/running-average-power-limit-energy-reporting.html
INTEL-SA-00389
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html