The product attempts to initialize a resource but does not correctly do so, which might leave the resource in an unexpected, incorrect, or insecure state when it is accessed.
Exposure of Sensitive Information during Transient Execution
0
Base
-
A processor event or prediction may allow incorrect operations (or correct operations with incorrect data) to execute transiently, potentially exposing data over a covert channel.
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution
0
Base
-
A processor event may allow transient operations to access
architecturally restricted data (for example, in another address
space) in a shared microarchitectural structure (for example, a CPU
cache), potentially exposing the data over a covert channel.
Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution
0
Base
-
A processor event or prediction may allow incorrect or stale data to
be forwarded to transient operations, potentially exposing data over a
covert channel.
Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution
0
Base
-
Shared microarchitectural predictor state may allow code to influence
transient execution across a hardware boundary, potentially exposing
data that is accessible beyond the boundary over a covert channel.
The product invokes a generative AI/ML
component whose behaviors and outputs cannot be directly
controlled, but the product does not validate or
insufficiently validates the outputs to ensure that they
align with the intended security, content, or privacy
policy.