Instructions Affected by Rogue System Register Read

ID 660246
Updated 5/21/2018
Version Latest
Public

Rogue System Register Read (INTEL-SA-00115) is a domain-bypass transient execution attack that uses transient execution of instructions to potentially allow malicious actors to infer the values of some system register states that should not be architecturally accessible. This method was first described as Variant 3a (V3a) in the Cache Speculation Side-channels ARM* white paper.

Although these transient operations will architecturally fault or VM exit, in certain cases they may return data that is accessible to subsequent instructions in the speculative execution path. These subsequent instructions can then create a side channel to infer the system register state. Refer to the Rogue System Register Read disclosure for further details and mitigations for this issue.

The table below describes transient execution behavior that may occur on one or more existing Intel processors. Individual processors will only be affected by a subset of the issues listed below. These issues are addressed in future processors.

Table 1. List of Instructions Affected by Rogue System Register Read

| Instruction | Transient Behavior |
|---|---|
| Counters | |
| RDTSC | RDTSC may transiently return the Timestamp counter even when CR4.TSD is set and CPL > 0. |
| RDTSCP | RDTSCP may transiently return the Timestamp counter and Processor ID even when CR4.TSD is set and CPL > 0. |
| RDPMC | RDPMC may transiently return the performance monitoring counter even when CR4.PCE is clear and CPL > 0. |
| Debug Registers | |
| Mov reg, DR{0 to 7} | The contents of DR0 to DR7 may transiently be returned even when DR7.GD is set or the Mov-DR exiting VM-execution control is set. Additionally, DR4 and DR5 may transiently be returned even when CR4.DE is set. |
| Control Registers | |
| Mov reg, CR3 | Mov reg, CR3 may transiently return the CR3 value even when the CR3-load exiting VM-execution control is set. |
| Others | |
| SWAPGS | SWAPGS at CPL > 0 may transiently swap the GS base and the IA32_KERNEL_GS_BASE MSR. |
| RDFSBASE/RDGSBASE | RDFSBASE and RDGSBASE may transiently execute even when CR4.FSGSBASE is 0. |
| XGETBV | When CR4.OSXSAVE is set, XGETBV may transiently return the XCRx value. |
| UMIP | |
| STR, SIDT, SLDT, SGDT | These instructions may transiently execute even when CR4.UMIP is set and CPL > 0, and even when the descriptor-table exiting VM-execution control is set. |
| SMSW | This instruction may transiently execute even when CR4.UMIP is set and CPL > 0. |
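The table lists the architectural checks that the transient path does not honor. As an added illustration (this is not Intel's code and not part of the advisory), the program below exercises one of those checks as the architecture defines it: on Linux, `prctl(PR_SET_TSC, PR_TSC_SIGSEGV)` makes the kernel set CR4.TSD for the calling task, so a user-mode (CPL 3) RDTSC must raise #GP, which the kernel delivers as SIGSEGV. The function `rdtsc_faults_under_tsd` and its helpers are names chosen here; the program assumes an x86 Linux host and reports -1 elsewhere. It demonstrates only the architectural fault, never the transient return, and because the advisory says that fault can be bypassed transiently, enabling TSD this way is not a mitigation for this issue; mitigations are those in the Rogue System Register Read disclosure.

```c
// Added example, not Intel's code: shows the architectural behaviour of RDTSC
// under CR4.TSD that Rogue System Register Read can bypass transiently.
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

static sigjmp_buf resume_point;

// SIGSEGV handler: the faulting RDTSC cannot be resumed, so jump back out.
static void on_sigsegv(int sig) {
    (void)sig;
    siglongjmp(resume_point, 1);
}

#if defined(__x86_64__) || defined(__i386__)
static uint64_t read_tsc(void) {
    uint32_t lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}
#endif

/* Returns 1 if RDTSC faulted while TSD was enabled (the architectural result),
   0 if it executed without faulting, -1 if this platform cannot run the check
   (non-x86 build, or the kernel refused PR_SET_TSC). */
int rdtsc_faults_under_tsd(void) {
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction sa, old_sa;
    int faulted;
    volatile uint64_t sink = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigsegv;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;   /* we siglongjmp out of the handler */
    if (sigaction(SIGSEGV, &sa, &old_sa) != 0) return -1;

    /* Ask the kernel to set CR4.TSD for this task (Linux PR_SET_TSC). */
    if (prctl(PR_SET_TSC, PR_TSC_SIGSEGV, 0, 0, 0) != 0) {
        sigaction(SIGSEGV, &old_sa, NULL);
        return -1;
    }

    if (sigsetjmp(resume_point, 1) == 0) {
        sink = read_tsc();      /* at CPL 3 with TSD set: #GP -> SIGSEGV */
        faulted = 0;
    } else {
        faulted = 1;            /* arrived here via the handler */
    }

    /* Restore normal RDTSC behaviour and the previous SIGSEGV disposition. */
    prctl(PR_SET_TSC, PR_TSC_ENABLE, 0, 0, 0);
    sigaction(SIGSEGV, &old_sa, NULL);
    (void)sink;
    return faulted;
#else
    return -1;
#endif
}

/* After the check above restores PR_TSC_ENABLE, RDTSC must work again.
   Returns 1 if it reads a nonzero counter, -1 on a non-x86 build. */
int tsc_readable_after_restore(void) {
#if defined(__x86_64__) || defined(__i386__)
    (void)rdtsc_faults_under_tsd();
    return read_tsc() != 0 ? 1 : 0;
#else
    return -1;
#endif
}

int main(void) {
    int r = rdtsc_faults_under_tsd();
    if (r == 1)
        printf("RDTSC faulted with CR4.TSD set at CPL 3 (architectural result)\n");
    else if (r == 0)
        printf("RDTSC executed despite TSD: architectural check not enforced\n");
    else
        printf("check not available on this platform\n");
    return 0;
}
```

The distinction the program makes visible is the one the advisory turns on: the architectural outcome of `rdtsc` under TSD is a fault, and nothing a user-mode program observes here changes, yet the advisory states the counter value may still be returned to instructions on the transient path. A result of 0 would indicate the kernel did not actually enforce TSD (for example under an emulation layer that accepts PR_SET_TSC without implementing it), which is worth knowing before relying on that control for anything.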
