This is a student-friendly explanation of the hardware weakness CWE-1037 “Processor Optimization Removal or Modification of Security-critical Code”, which is susceptible to CAPEC-663 “Exploitation of Transient Instruction Execution”.
While increasingly many security mechanisms have been baked into software, the processors themselves are optimising the execution of the programs such that these mechanisms become ineffective.
Example 1
The most high-profile exploits are known as Meltdown and Spectre.
🛡 General mitigation
Software fixes exist but are partial as the use of speculative execution remains a favourable way of increasing processor performance.
Fortunately, the likelihood of successful exploitation is considered to be low.
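As an added illustration (not part of the original page), the C sketch below shows one software fix of the kind mentioned above, for Spectre's bounds-check-bypass pattern: a plain bounds check next to a version that also clamps the index without relying on a branch. The names `table`, `index_mask`, `read_checked`, `read_hardened` and `fill_table` are hypothetical and the table contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16u              /* constructed sample size */
static uint8_t table[TABLE_LEN];   /* data the caller is allowed to read */

/* All-ones when idx < len, zero otherwise, computed without a branch so the
 * result does not depend on branch prediction (same idea as the Linux
 * kernel's array_index_mask_nospec). Assumes idx and len <= SIZE_MAX / 2. */
static size_t index_mask(size_t idx, size_t len)
{
    return (size_t)0 - ((idx - len) >> (sizeof(size_t) * 8 - 1));
}

/* Bounds check only: architecturally correct, but the CPU may mispredict the
 * branch and transiently run the load with an out-of-range idx. */
int read_checked(size_t idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    *out = table[idx];
    return 0;
}

/* Hardened: the index is also clamped by data flow, so even a mispredicted
 * path can only load table[0], never memory outside the table. */
int read_hardened(size_t idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx &= index_mask(idx, TABLE_LEN);
    *out = table[idx];
    return 0;
}

void fill_table(void)              /* constructed sample data */
{
    for (size_t i = 0; i < TABLE_LEN; i++) table[i] = (uint8_t)(i * 3);
}

int main(void)
{
    uint8_t v = 0;
    fill_table();
    int rc = read_hardened(5, &v);
    printf("in range: rc=%d v=%u\n", rc, (unsigned)v);
    printf("out of range: rc=%d\n", read_hardened(TABLE_LEN + 100u, &v));
    return 0;
}
```

This covers only the bounds-check pattern, which is one reason such fixes are partial. An optimising compiler may also turn the mask back into a branch, so production code uses compiler- or kernel-provided helpers instead of a hand-written mask.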
References
[KHF+20]
P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom, Spectre attacks: Exploiting speculative execution, Commun. ACM 63 no. 7 (2020), 93–101. https://doi.org/10.1145/3399742.