Platform Security Guidance
In-depth Security Information on Intel Hardware, Software, and Systems
Explore security advisory guidance, technical documentation, and best practices designed to help developers understand risks, implement mitigations, and build more secure solutions.
Learn more about how Intel's Platform Security Guidance enables more secure solutions
Featured Security Guidance
| CVSS | Issue Overview | CVE | INTEL-SA | Disclosure Date | Technical Documentation (If Applicable) |
|---|---|---|---|---|---|
| 5.6 | Indirect Branch Predictor Delayed Updates | CVE-2024-45332 | INTEL-SA-01247 | 2025-05-13 | n/a |
| 4.7 | Indirect Target Selection | CVE-2024-28956 | INTEL-SA-01153 | 2025-05-12 | n/a |
| 6.5 | Register File Data Sampling | CVE-2023-28746 | INTEL-SA-00898 | 2024-03-12 | n/a |
| 8.8 | Redundant Prefix Issue | CVE-2023-23583 | INTEL-SA-00950 | 2023-11-14 | n/a |
| 6.5 | Gather Data Sampling | CVE-2022-40982 | INTEL-SA-00828 | 2023-08-08 | Gather Data Sampling |
| 4.7 | Branch History Injection | | | 2022-03-08 | |
Check Affected Processors
Evaluate the impact of transient execution attacks from 2018 through today on Intel® CPUs to determine the recommended way to stay protected from potential attacks.
Confidential Computing: Trusted Execution Environment Protections
Intel Trusted Execution Environment protections enable robust application and VM-level security to provide a comprehensive Confidential Computing solution.
Intel® Platform Ownership Endorsement enables remote parties to establish who physically controls the hardware running sensitive workloads, adding protection that reduces the risk of physical attacks on the platform.
Intel® Platform Ownership Endorsement Generator on GitHub
Software hardening methods can help protect Trust Domain workloads and Intel TDX Trusted Computing Base (TCB) software from potentially untrusted entities outside the Intel TDX TCB.
Memory protections such as Total Memory Encryption (TME) and related technologies protect data in use to provide additional confidential computing protections.
The PCIe IDE specification contained a limitation in its ordering enforcement that can allow read requests to bypass write requests in certain circumstances. An update to the specification introduces the IDE Escort mitigation for the Forbidden IDE Reordering vulnerability.
A gap in the TDISP specification exposed a potential security vulnerability known as Delayed Posted Redirection. An update to the specification addresses this with new implementation guidance.
A gap in the TDISP standard exposed a potential security vulnerability known as Completion Timeout Redirection. An update to the specification addresses this with new implementation guidance.
Trusted Computing Base Recovery Attestation
Get attestation guidance for Trusted Computing Base Recovery (TCB-R), which helps you deploy the latest security updates for confidential computing technologies, including Intel® Software Guard Extensions (Intel® SGX) and Intel® Trust Domain Extensions (Intel® TDX).
Proactively Secure Software for Intel® Processors
To develop software that is both secure and performant, developers must understand how software interacts with hardware. To balance both priorities:
- Adhere to security best practices and secure coding principles as a first line of defense.
- Download the latest microcode and follow the recommended mitigation guidance for known issues.
- Learn Intel hardware behavior and how software can best use that behavior and associated features.
The following documents show how to develop and secure software running on Intel processors, as well as details and options for fine-tuned control of software and hardware features according to the most up-to-date guidance.
Latest Feature Documentation
Learn more about how to optimize your software using Intel's security features, platform controls, and performance enhancements. Always keep your systems up-to-date to ensure access to the latest features.
Some newer Intel processors support a new hardware prefetcher feature classified as a Data-Dependent Prefetcher (DDP), which exhibits properties designed to restrict side channel attacks.
Frequency Throttling Side Channel Software Guidance for Cryptography Implementations
For developers implementing cryptographic algorithms, Intel recommends selecting instructions whose execution time is data-independent, to mitigate timing side channels that arise from cycle-count differences.
Fast Store Forwarding Predictor
Learn about the Fast Store Forwarding Predictor performance feature and how its properties can be used to help prevent potential exploitation of transient execution disclosure gadgets.
MONITOR and UMONITOR Performance Guidance
Some Intel processors provide developers with the option to configure the behavior of MONITOR and UMONITOR instructions to improve performance.
View Security Advisories
Visit the Intel Security Center to review a comprehensive list of fixes, workarounds, and recommendations for vulnerabilities identified with Intel products.
Frequent References
Find guidance for common questions when assessing risk.
Security Information
Learn more about Intel's commitment to security.
Vulnerability Management at Intel
Intel has sophisticated systems to address security vulnerabilities in Intel products, led by the Product Security & Incident Response Team (PSIRT). Learn more about vulnerability handling and disclosure processes.
Report a Security Vulnerability
If you believe you've found a security vulnerability in an Intel product or solution, notify us through the Intel Bug Bounty Program, and work with Intel to mitigate and coordinate disclosure of the vulnerability.
Watch this video to find out what you can expect when participating in the Intel Bug Bounty Program.
Product and Performance Information
Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.
Features and benefits in Intel® technologies depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at Intel.com.
Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors.
Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit www.intel.com/benchmarks.
Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available updates.
The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.
Intel provides these materials as-is, with no express or implied warranties.