Rogue System Register Read (INTEL-SA-00115) is a domain-bypass transient execution attack that uses transient execution of instructions to potentially allow malicious actors to infer the values of some system register states that should not be architecturally accessible. This method was first described as Variant 3a (V3a) in the Cache Speculation Side-channels ARM* white paper.
Although these transient operations will architecturally fault or VM exit, in certain cases they may return data that is accessible to subsequent instructions in the speculative execution path. These subsequent instructions can then create a side channel to infer the system register state. Refer to the Rogue System Register Read disclosure for further details and mitigations for this issue.
The table below describes transient execution behavior that may occur on one or more existing Intel processors. Individual processors will only be affected by a subset of the issues listed below. These issues are addressed in future processors.
| Instruction | Transient Behavior |
|---|---|
| **Counters** | |
| RDTSC | RDTSC may transiently return the timestamp counter even when CR4.TSD is set and CPL > 0. |
| RDTSCP | RDTSCP may transiently return the timestamp counter and processor ID even when CR4.TSD is set and CPL > 0. |
| RDPMC | RDPMC may transiently return the performance monitoring counter even when CR4.PCE is clear and CPL > 0. |
| **Debug Registers** | |
| MOV reg, DR{0 to 7} | The contents of DR0 to DR7 may transiently be returned even when DR7.GD is set or the MOV-DR exiting VM-execution control is set. Additionally, DR4 and DR5 may transiently be returned even when CR4.DE is set. |
| **Control Registers** | |
| MOV reg, CR3 | MOV reg, CR3 may transiently return the CR3 value even when the CR3-load exiting VM-execution control is set. |
| **Others** | |
| SWAPGS | SWAPGS at CPL > 0 may transiently swap the GS base and the IA32_KERNEL_GS_BASE MSR. |
| RDFSBASE/RDGSBASE | RDFSBASE and RDGSBASE may transiently execute even when CR4.FSGSBASE is 0. |
| XGETBV | When CR4.OSXSAVE is set, XGETBV may transiently return the XCRx value. |
| **UMIP** | |
| STR, SIDT, SLDT, SGDT | These instructions may transiently execute even when CR4.UMIP is set and CPL > 0, and even when the descriptor-table exiting VM-execution control is set. |
| SMSW | This instruction may transiently execute even when CR4.UMIP is set and CPL > 0. |
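Every row in the table states that the instruction architecturally faults (or VM exits) under some CR4/CPL condition and only leaks transiently. Software cannot observe the transient path, so the only thing a defender can check from user mode is the architectural side: which of these instructions the running kernel actually exposes to CPL 3. The probe below is an added example, not code from the Intel advisory; it executes RDTSC, RDPMC, STR and RDFSBASE at CPL 3 under SIGSEGV (#GP) and SIGILL (#UD) handlers and reports whether each executed or faulted. SGDT, SIDT and SMSW are deliberately left out because, as an assumption about the kernel, Linux may emulate them for user mode with dummy values when UMIP is enabled, which would make a "no fault" result meaningless. The transient leak itself is mitigated by microcode as described in the disclosure; a "faulted" result here only confirms that the architectural restriction is in force, not that the transient behavior is absent.

```c
/* Added example (not from the Intel advisory): probe, from CPL 3, which of
 * the instructions in the Rogue System Register Read table the current
 * kernel exposes to user mode. Linux/x86-64 only; other targets report
 * PROBE_UNSUPPORTED. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROBE_EXECUTED     0   /* instruction completed architecturally */
#define PROBE_FAULTED      1   /* kernel delivered SIGSEGV (#GP) or SIGILL (#UD) */
#define PROBE_UNSUPPORTED (-1) /* not an x86-64 build */

static sigjmp_buf probe_env;
static volatile uint64_t sink;  /* keeps the asm outputs observable */

static void fault_handler(int sig) {
    (void)sig;
    siglongjmp(probe_env, 1);   /* unwind back into run_probe(); the faulting
                                   instruction is not re-executed */
}

/* Run one instruction with temporary SIGSEGV/SIGILL handlers installed. */
static int run_probe(void (*insn)(void)) {
    struct sigaction sa, old_segv, old_ill;
    int result;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = fault_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGILL, &sa, &old_ill);
    if (sigsetjmp(probe_env, 1) == 0) {
        insn();
        result = PROBE_EXECUTED;
    } else {
        result = PROBE_FAULTED;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    return result;
}

#if defined(__x86_64__)
/* RDTSC: #GP at CPL > 0 when CR4.TSD is set (table row "RDTSC"). */
static void insn_rdtsc(void) {
    uint32_t lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    sink = ((uint64_t)hi << 32) | lo;
}
/* RDPMC: #GP at CPL > 0 when CR4.PCE is clear (table row "RDPMC"). */
static void insn_rdpmc(void) {
    uint32_t lo, hi;
    __asm__ volatile("rdpmc" : "=a"(lo), "=d"(hi) : "c"(0));
    sink = ((uint64_t)hi << 32) | lo;
}
/* STR: #GP at CPL > 0 when CR4.UMIP is set (table row "STR, SIDT, SLDT, SGDT"). */
static void insn_str(void) {
    uint16_t sel;
    __asm__ volatile("str %0" : "=r"(sel));
    sink = sel;
}
/* RDFSBASE: #UD when CR4.FSGSBASE is 0 (table row "RDFSBASE/RDGSBASE"). */
static void insn_rdfsbase(void) {
    uint64_t base;
    __asm__ volatile("rdfsbase %0" : "=r"(base));
    sink = base;
}
int probe_rdtsc(void)    { return run_probe(insn_rdtsc); }
int probe_rdpmc(void)    { return run_probe(insn_rdpmc); }
int probe_str(void)      { return run_probe(insn_str); }
int probe_rdfsbase(void) { return run_probe(insn_rdfsbase); }
#else
int probe_rdtsc(void)    { return PROBE_UNSUPPORTED; }
int probe_rdpmc(void)    { return PROBE_UNSUPPORTED; }
int probe_str(void)      { return PROBE_UNSUPPORTED; }
int probe_rdfsbase(void) { return PROBE_UNSUPPORTED; }
#endif

static const char *describe(int r) {
    return r == PROBE_EXECUTED ? "executed at CPL 3 (no architectural restriction)"
         : r == PROBE_FAULTED  ? "faulted (architectural restriction in force)"
         :                       "unsupported on this build target";
}

int main(void) {
    printf("RDTSC    : %s\n", describe(probe_rdtsc()));
    printf("RDPMC    : %s\n", describe(probe_rdpmc()));
    printf("STR      : %s\n", describe(probe_str()));
    printf("RDFSBASE : %s\n", describe(probe_rdfsbase()));
    return 0;
}
```

Build with `gcc -O2 -o rsre_probe rsre_probe.c` and run unprivileged. On a typical Linux host RDTSC executes (CR4.TSD is normally clear), RDPMC faults unless the kernel has granted this process user-mode counter access, STR faults only on a kernel that enables UMIP, and RDFSBASE executes only when the kernel has enabled CR4.FSGSBASE. Each probe is idempotent, so it can be rerun after a configuration change to confirm the new state.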