SQ14135
Detected Windows executable files that implement the now-deprecated MPX vulnerability mitigation protection.
priority | CI/CD status | severity | effort | SAFE level | SAFE assessment |
---|---|---|---|---|---|
None | pass | low | medium | None | None |
About the issue
Intel Memory Protection eXtensions (MPX) was a hardware-level vulnerability mitigation option designed to prevent stack-based memory corruption. It was an experimental mitigation that was deprecated due to performance and efficacy concerns. It was implemented as a combination of software and hardware features, with the processor ultimately responsible for its enforcement. Due to design choices, it had a significant performance impact, and that impact manifests even on processors that do not have this vulnerability mitigation option.
How to resolve the issue
- Re-compile the application with a newer version of the programming language toolchain. This will remove the deprecated functionality from the resulting executable, and eliminate its residual performance penalties.
Incidence statistics
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.
This section is updated when new data becomes available.
Total number of packages analyzed
- RubyGems: 183K
- NuGet: 644K
- PyPI: 628K
- npm: 3.72M
Recommended reading
- Intel MPX (External resource - Wikipedia)
- Software Defense: mitigating stack corruption vulnerabilties (External resource - Microsoft)