Hardware vulnerabilities¶
This section describes CPU vulnerabilities and provides an overview of the possible mitigations along with guidance for selecting mitigations if they are configurable at compile, boot or run time.
- Attack Vector Controls
- Spectre Side Channels
- L1TF - L1 Terminal Fault
- MDS - Microarchitectural Data Sampling
- TAA - TSX Asynchronous Abort
- iTLB multihit
- SRBDS - Special Register Buffer Data Sampling
- Core Scheduling
- L1D Flushing
- Processor MMIO Stale Data Vulnerabilities
- Cross-Thread Return Address Predictions
- Speculative Return Stack Overflow (SRSO)
- GDS - Gather Data Sampling
- Register File Data Sampling (RFDS)
- RSB-related mitigations
- Old Microcode
- Indirect Target Selection (ITS)
- VMSCAPE