Spectre · Meltdown · MDS · Zenbleed · Downfall · Rowhammer — The full taxonomy of transient execution and side-channel vulnerabilities.
This page provides a structured view of transient execution, side-channel, scheduler, cache, DRAM, and processor trust-boundary attack classes, with emphasis on practical security assessment and low-level validation work.
This material is intended for hardware security teams, security researchers, platform vendors, embedded system operators, and organizations evaluating modern CPU attack surfaces.
It is especially relevant where speculative execution, shared execution resources, firmware trust, or low-level processor isolation must be assessed in detail.
The goal is not only to list public attacks, but to map them to affected internal components and to support exploitability analysis, mitigation verification, and architecture-aware review.
This makes the page useful both as a taxonomy reference and as an entry point to consulting, validation, and research support.
Speculative execution issues in branch prediction logic can redirect transient control flow and expose data across privilege, process, or virtualization boundaries.
Instruction decode, micro‑op handling, register renaming, and internal buffers remain relevant to transient leakage and state exposure research.
Out‑of‑order scheduling and execution resources can act as both leakage sources and contention‑based side channels.
Memory disambiguation, forwarding behavior, and cache timing effects are central to many practical side‑channel and transient execution attacks.
Processor trust does not end with speculative execution and cache behavior. Microcode delivery, verification, patch loading, and update‑chain integrity are also part of the attack surface in advanced hardware security work.
This research area includes microcode verification bypass topics, processor persistence implications, signature and update‑path trust analysis, and firmware‑adjacent validation of low‑level protection mechanisms.
| Attack | Category | CVE / Year | Affected Component | Vendors |
|---|---|---|---|---|
| Spectre v1 | Speculative Execution | CVE‑2017‑5753 | Branch Predictor | Intel, AMD, ARM |
| Spectre v2 | Speculative Execution | CVE‑2017‑5715 | Branch Predictor | Intel, AMD, ARM |
| Meltdown | Out‑of‑Order Execution | CVE‑2017‑5754 | Memory / OoO Engine | Intel, ARM (some) |
| Retbleed | Return Prediction | CVE‑2022‑29900 / 29901 | Return Stack / Branch Logic | Intel, AMD |
| Spectre‑BHB | Branch History Injection | CVE‑2022‑0001 / 0002 | Branch History Buffer | Intel, AMD, ARM |
| ZombieLoad (MFBDS) | MDS | CVE‑2018‑12130 | Fill Buffers | Intel |
| RIDL (MSBDS) | MDS | CVE‑2018‑12126 | Store Buffers | Intel |
| RIDL (MLPDS) | MDS | CVE‑2018‑12127 | Load Ports | Intel |
| L1TF / Foreshadow | L1 Cache Leakage | CVE‑2018‑3615 | L1 Data Cache | Intel |
| TAA (TSX Async Abort) | Transactional Memory | CVE‑2019‑11135 | Transactional Memory | Intel |
| SRBDS | Register Data Sampling | CVE‑2020‑0543 | Special Registers | Intel |
| Zenbleed | Register Leakage | CVE‑2023‑20593 | Vector Register Handling | AMD (Zen 2) |
| Downfall (GDS) | Gather Data Sampling | CVE‑2022‑40982 | Gather Instructions | Intel |
| SQUIP | Scheduler Contention | CVE‑2023‑20584 | Scheduler / Shared Queues | AMD, Apple |
| Rowhammer | DRAM Disturbance | CVE‑2015‑0565+ | DRAM Row Buffer | All (DRAM-dependent) |
| Microcode Research | Processor Trust / Update Path | Research | Microcode ROM / Patch | Intel, AMD |
GGSEC provides microarchitectural vulnerability assessments, transient execution PoC validation, firmware-level mitigation review, and processor trust-surface analysis for advanced security environments.
Typical work includes attack-surface mapping across CPU pipeline components, exploitability validation, mitigation verification, regression review, and support for internal security programs or responsible disclosure workflows.
