Software Security Guidance
This information is designed for developers and systems experts looking to understand potential vulnerabilities and assess risk, with resources and recommendations for building more secure solutions.
Your Source for Software and Hardware Security Information
Explore in-depth guidance related to the latest security vulnerabilities, as well as the Intel security features and best practices designed to help protect systems and code from those vulnerabilities. This information helps enable developers and system administrators to better understand how software and hardware can work together to create more secure computing environments in an evolving security landscape.
Featured Security Guidance
| CVSS | Issue Overview | CVE | INTEL-SA | Disclosure Date | Technical Documentation (If Applicable) |
|---|---|---|---|---|---|
| 6.5 | Register File Data Sampling | CVE-2023-28746 | INTEL-SA-00898 | 2024-03-12 | n/a |
| 6.1 | Trusted Execution Configuration Register Access | CVE-2023-22655 | INTEL-SA-00960 | 2024-03-12 | n/a |
| 8.8 | Redundant Prefix Issue | CVE-2023-23583 | INTEL-SA-00950 | 2023-11-14 | n/a |
| 6.5 | Gather Data Sampling | CVE-2022-40982 | INTEL-SA-00828 | 2023-08-08 | Gather Data Sampling |
| 6.1 | Processor MMIO Stale Data Vulnerabilities | CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 |
INTEL-SA-00615 | 2022-06-14 | Processor MMIO Stale Data Vulnerabilities |
| 4.7 | 2022-03-08 |
Branch History Injection |
Check Affected Processors
Evaluate the impact of transient execution attacks from 2018 through today on Intel® CPUs to determine the recommended way to stay protected from potential attacks.
Trusted Computing Base Recovery Attestation
Get attestation guidance for Trusted Computing Base Recovery (TCB-R), which helps you deploy the latest security updates for confidential computing technologies, including Intel® Software Guard Extensions (Intel® SGX) and Intel® Trust Domain Extensions (Intel® TDX).
Proactively Secure Software for Intel® Processors
To develop for system security and performance, developers must understand how software works with hardware. To balance both priorities:
- Adhere to security best practices and secure coding principles as a first line of defense.
- Download the latest microcode and follow the recommended mitigation guidance for known issues.
- Learn Intel hardware behavior and how software can best use that behavior and associated features.
The following documents show how to develop and secure software running on Intel processors, as well as details and options for fine-tuned control of software and hardware features according to the most up-to-date guidance.
Latest Feature Documentation
Learn more about how to optimize your software using Intel's security features, platform controls, and performance enhancements. Always keep your systems up-to-date to ensure access to the latest features.
Some newer Intel processors support a new hardware prefetcher feature classified as a Data-Dependent Prefetcher (DDP), which exhibits properties designed to restrict side channel attacks.
Frequency Throttling Side Channel Software Guidance for Cryptography Implementations
For developers implementing cryptographic algorithms, to mitigate timing side channels due to cycle differences, Intel recommends selecting instructions whose execution time is data-independent.
Fast Store Forwarding Predictor
Learn about the Fast Store Forwarding Predictor performance feature and how its properties can be used to help prevent potential exploitation of transient execution disclosure gadgets.
MONITOR and UMONITOR Performance Guidance
Some Intel processors provide developers with the option to configure the behavior of MONITOR and UMONITOR instructions to improve performance.
View Security Advisories
Visit the Intel Security Center to review a comprehensive list of fixes, workarounds, and recommendations for vulnerabilities identified with Intel products.
Frequent References
Find guidance for common questions when assessing risk.
Security Information
Learn more about Intel's commitment to security.
Vulnerability Management at Intel
Intel has sophisticated systems to address security vulnerabilities in Intel products, led by the Product Security & Incident Response Team (PSIRT). Learn more about vulnerability handling and disclosure processes.
Report a Security Vulnerability
If you believe you've found a security vulnerability in an Intel product or solution, notify us through the Intel Bug Bounty Program, and work with Intel to mitigate and coordinate disclosure of the vulnerability.
Watch this video to find out what you can expect when participating in the Intel Bug Bounty Program.
Product and Performance Information
Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.
Features and benefits in Intel® technologies depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at Intel.com.
Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors.
Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit www.intel.com/benchmarks.
Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available updates.
The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.
Intel provides these materials as-is, with no express or implied warranties.