Intel® Processor Speculative Cross Store Bypass Advisory

Summary:

A potential security vulnerability in Intel® Processors may allow information disclosure.** **Intel is releasing prescriptive guidance to address this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2021-33149

Description: Observable behavioral discrepancy in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access.

CVSS Base Score: 2.5 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N****

Affected Products:

All Intel® Processor families.

Recommendations:

Intel is releasing prescriptive guidance to mitigate this issue.

Prescriptive guidance: Intel recommends that any potential gadget utilize an LFENCE after loads that should observe writes from another thread to the same shared memory address.

Acknowledgements:

Intel would like to thank Danping Li and Ziyuan Zhu from Institute of Information Engineering, Chinese Academy of Sciences for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.