1. Home
  2. CWE Database
  3. CWE-1303
Base · Medium

CWE-1303: Non-Transparent Sharing of Microarchitectural Resources

Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.

CWE-1303 · Base Level ·2 Mitigations

Description

Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.

Modern processors use techniques such as out-of-order execution, speculation, prefetching, data forwarding, and caching to increase performance. Details about the implementation of these techniques are hidden from the programmer's view. This is problematic when the hardware implementation of these techniques results in resources being shared across supposedly isolated contexts. Contention for shared resources between different contexts opens covert channels that allow malicious programs executing in one context to recover information from another context. Some examples of shared micro-architectural resources that have been used to leak information between contexts are caches, branch prediction logic, and load or store buffers. Speculative and out-of-order execution provides an attacker with increased control over which data is leaked through the covert channel. If the extent of resource sharing between contexts in the design microarchitecture is undocumented, it is extremely difficult to ensure system assets are protected against disclosure.

Potential Impact

Confidentiality

Read Application Data, Read Memory

Mitigations & Prevention

Architecture and Design

Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling high resolution performance counters and timers.

Requirements

Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling high resolution performance counters and timers.

CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.

CWE-203: Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable t...

Frequently Asked Questions

What is CWE-1303?

CWE-1303 (Non-Transparent Sharing of Microarchitectural Resources) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.

How can CWE-1303 be exploited?

Attackers can exploit CWE-1303 (Non-Transparent Sharing of Microarchitectural Resources) to read application data, read memory. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-1303?

Key mitigations include: Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling

What is the severity of CWE-1303?

CWE-1303 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.