SQ14135
Detected Windows executable files that implement the now-deprecated MPX vulnerability mitigation.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
| None | pass | low | medium | None | None |
About the issue
Intel Memory Protection eXtensions (MPX) was a hardware-level vulnerability mitigation option designed to prevent stack-based memory corruptions. It was an experimental mitigation that was deprecated due to performance and efficacy concerns. It was implemented as a combination of software and hardware features, with the processor ultimately responsible for its enforcement. Due to design choices, it carried a significant performance impact, and that impact manifests even on processors that do not have this mitigation option.
How to resolve the issue
- Re-compile the application with a newer version of the programming language toolchain. This will remove the deprecated functionality from the resulting executable, and eliminate its residual performance penalties.
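One way to confirm that a rebuilt binary no longer carries MPX instructions, as an added example that is not the scanner's own detection logic: it walks the PE section table and counts byte sequences matching the prefixed MPX opcodes in executable sections. This is a byte-pattern heuristic, so a hit can also be data or an immediate operand and should be confirmed with a disassembler; `build_sample_pe` and its contents are constructed for the demonstration.

```python
import struct

# Prefixed MPX opcodes (Intel SDM). Unprefixed BNDLDX/BNDSTX (0F 1A / 0F 1B)
# are left out because their bytes are a suffix of every pattern below.
MPX_PATTERNS = {
    b"\xf3\x0f\x1b": "BNDMK",
    b"\xf3\x0f\x1a": "BNDCL",
    b"\xf2\x0f\x1a": "BNDCU",
    b"\xf2\x0f\x1b": "BNDCN",
    b"\x66\x0f\x1a": "BNDMOV (load)",
    b"\x66\x0f\x1b": "BNDMOV (store)",
}
IMAGE_SCN_MEM_EXECUTE = 0x20000000

def executable_sections(pe: bytes):
    """Yield (name, raw_bytes) for each executable section of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe_off, = struct.unpack_from("<I", pe, 0x3C)          # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", pe, pe_off + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, pe_off + 20) # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    for i in range(nsec):
        hdr = table + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        flags, = struct.unpack_from("<I", pe, hdr + 36)
        if flags & IMAGE_SCN_MEM_EXECUTE:
            yield name, pe[raw_ptr:raw_ptr + raw_size]

def count_mpx_candidates(pe: bytes) -> dict:
    """Count candidate MPX instructions per mnemonic; empty dict means none."""
    counts = {}
    for _, code in executable_sections(pe):
        for pattern, mnemonic in MPX_PATTERNS.items():
            n = code.count(pattern)
            if n:
                counts[mnemonic] = counts.get(mnemonic, 0) + n
    return counts

def build_sample_pe(code: bytes) -> bytes:
    """Constructed PE-shaped image: DOS stub, COFF header, one .text section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0)
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000,
                      len(code), 64 + 24 + 40, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sec + code
```

For a real file, pass its bytes to `count_mpx_candidates` before and after the rebuild; an empty result after recompiling is the expected outcome.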
Incidence statistics
Not relevant for this type of issue.
Recommended reading
- Intel MPX (External resource - Wikipedia)
- Software Defense: mitigating stack corruption vulnerabilties (External resource - Microsoft)