Software Security Guidance
This information is designed for developers and systems experts looking to understand potential vulnerabilities and assess risk, with resources and recommendations for building more secure solutions.
Your Source for Software and Hardware Security Information
Explore in-depth guidance related to the latest security vulnerabilities, as well as the Intel security features and best practices designed to help protect systems and code from those vulnerabilities. This information helps enable developers and system administrators to better understand how software and hardware can work together to create more secure computing environments in an evolving security landscape.
Featured Security Guidance
| CVSS | Issue Overview | CVE | INTEL-SA | Disclosure Date | Technical Documentation (If Applicable) |
|---|---|---|---|---|---|
| 6.5 | Register File Data Sampling | CVE-2023-28746 | INTEL-SA-00898 | 2024-03-12 | n/a |
| 6.1 | Trusted Execution Configuration Register Access | CVE-2023-22655 | INTEL-SA-00960 | 2024-03-12 | n/a |
| 8.8 | Redundant Prefix Issue | CVE-2023-23583 | INTEL-SA-00950 | 2023-11-14 | n/a |
| 6.5 | Gather Data Sampling | CVE-2022-40982 | INTEL-SA-00828 | 2023-08-08 | Gather Data Sampling |
| 6.1 | Processor MMIO Stale Data Vulnerabilities | CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 |
INTEL-SA-00615 | 2022-06-14 | Processor MMIO Stale Data Vulnerabilities |
| 4.7 | 2022-03-08 |
Branch History Injection |
Check Affected Processors
Evaluate the impact of transient execution attacks from 2018 through today on Intel® CPUs to determine the recommended way to stay protected from potential attacks.
Trusted Computing Base Recovery Attestation
Get attestation guidance for Trusted Computing Base Recovery (TCB-R), which helps you deploy the latest security updates for confidential computing technologies, including Intel® Software Guard Extensions (Intel® SGX) and Intel® Trust Domain Extensions (Intel® TDX).
Proactively Secure Software for Intel® Processors
To develop for system security and performance, developers must understand how software works with hardware. To balance both priorities:
- Adhere to security best practices and secure coding principles as a first line of defense.
- Download the latest microcode and follow the recommended mitigation guidance for known issues.
- Learn Intel hardware behavior and how software can best use that behavior and associated features.
The following documents show how to develop and secure software running on Intel processors, as well as details and options for fine-tuned control of software and hardware features according to the most up-to-date guidance.
Latest Feature Documentation
Learn more about how to optimize your software using Intel's security features, platform controls, and performance enhancements. Always keep your systems up-to-date to ensure access to the latest features.
Some newer Intel processors support a new hardware prefetcher feature classified as a Data-Dependent Prefetcher (DDP), which exhibits properties designed to restrict side channel attacks.
Frequency Throttling Side Channel Software Guidance for Cryptography Implementations
For developers implementing cryptographic algorithms, to mitigate timing side channels due to cycle differences, Intel recommends selecting instructions whose execution time is data-independent.
Fast Store Forwarding Predictor
Learn about the Fast Store Forwarding Predictor performance feature and how its properties can be used to help prevent potential exploitation of transient execution disclosure gadgets.
MONITOR and UMONITOR Performance Guidance
Some Intel processors provide developers with the option to configure the behavior of MONITOR and UMONITOR instructions to improve performance.
View Security Advisories
Visit the Intel Security Center to review a comprehensive list of fixes, workarounds, and recommendations for vulnerabilities identified with Intel products.
Frequent References
Find guidance for common questions when assessing risk.
Security Information
Learn more about Intel's commitment to security.
Vulnerability Management at Intel
Intel has sophisticated systems to address security vulnerabilities in Intel products, led by the Product Security & Incident Response Team (PSIRT). Learn more about vulnerability handling and disclosure processes.
Report a Security Vulnerability
If you believe you've found a security vulnerability in an Intel product or solution, notify us through the Intel Bug Bounty Program, and work with Intel to mitigate and coordinate disclosure of the vulnerability.
Watch this video to find out what you can expect when participating in the Intel Bug Bounty Program.
产品和性能信息
性能因用途、配置和其他因素而异。请访问 www.Intel.cn/PerformanceIndex 了解更多信息。
英特尔® 技术的功能和优势取决于系统配置,并且可能需要启用硬件、软件或服务才能激活。实际性能可能因系统配置的不同而有所差异。没有任何产品或组件能够做到绝对安全。请咨询您的系统制造商或零售商,或者访问 Intel.cn 了解更多信息。