CWE - VIEW SLICE: CWE-1343: Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List (4.14)

CWE VIEW: Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List

View ID: 1343

Vulnerability Mapping: PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Type: Explicit

Downloads: Booklet | CSV | XML

Objective

CWE entries in this view are listed in the 2021 CWE Most Important Hardware Weaknesses List, as determined by the Hardware CWE Special Interest Group (HW CWE SIG).

Audience

Stakeholder	Description
Hardware Designers	By following this list, hardware designers and implementers are able to significantly reduce the number of weaknesses that occur in their products.
Product Customers	Customers can use the weaknesses in this view in order to formulate independent evidence of a claim by a product vendor to have eliminated / mitigated the most dangerous weaknesses.
Educators	Educators can use this view to focus curriculum on the most important hardware weaknesses.

Membership

Nature	Type	ID	Name
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1189	Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1191	On-Chip Debug and Test Interface With Improper Access Control
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1231	Improper Prevention of Lock Bit Modification
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1233	Security-Sensitive Hardware Controls with Missing Lock Bit Protection
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1240	Use of a Cryptographic Primitive with a Risky Implementation
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1244	Internal Asset Exposed to Unsafe Debug Access Level or State
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1256	Improper Restriction of Software Interfaces to Hardware Features
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1260	Improper Handling of Overlap Between Protected Memory Ranges
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1272	Sensitive Information Uncleared Before Debug/Power State Transition
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1274	Improper Access Control for Volatile Memory Containing Boot Code
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1277	Firmware Not Updateable
HasMember	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1300	Improper Protection of Physical Side Channels

Vulnerability Mapping Notes

Usage: PROHIBITED

(this CWE ID must not be used to map to real-world vulnerabilities)

Reason: View

Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.

References

[REF-1238] MITRE. "2021 CWE Most Important Hardware Weaknesses". 2021-10-28. <https://cwe.mitre.org/scoring/lists/2021_CWE_MiHW.html>.

View Metrics

	CWEs in this view		Total CWEs
Weaknesses	12	out of	938
Categories	0	out of	374
Views	0	out of	50
Total	12	out of	1362

Content History

Submissions
Submission Date	Submitter	Organization
2021-09-29 (CWE 4.6, 2021-10-28)	CWE Content Team	MITRE
2021-09-29 (CWE 4.6, 2021-10-28)
Modifications
Modification Date	Modifier	Organization
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes

View Components

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

CWE-1277: Firmware Not Updateable

Weakness ID: 1277

Vulnerability Mapping: ALLOWEDThis CWE ID may be used to map to real-world vulnerabilities
Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.

View customized information:

For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers. For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts. For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers. For users who wish to see all available information for the CWE/CAPEC entry. For users who want to customize what details are displayed.

Description

The product does not provide its users with the ability to update or patch its firmware to address any vulnerabilities or weaknesses that may be present.

Extended Description

Without the ability to patch or update firmware, consumers will be left vulnerable to exploitation of any known vulnerabilities, or any vulnerabilities that are discovered in the future. This can expose consumers to permanent risk throughout the entire lifetime of the device, which could be years or decades. Some external protective measures and mitigations might be employed to aid in preventing or reducing the risk of malicious attack, but the root weakness cannot be corrected.

Relationships

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1329	Reliance on Component That is Not Updateable

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1208	Cross-Cutting Problems

Modes Of Introduction

The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.

Phase	Note
Requirements	Requirements development might not consider the importance of updates over the lifetime of the product, or might not choose the ability due to concerns such as expense or speed to market.
Architecture and Design	Lack of planning during architecture development and design, or external pressures such as speed to market, could ignore the capability to update.
Implementation	The weakness can appear through oversight during implementation.

Applicable Platforms

This listing shows possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Class: Not Technology-Specific (Undetermined Prevalence)

Common Consequences

This table specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.

Scope	Impact	Likelihood
Confidentiality Integrity Access Control Authentication Authorization	Technical Impact: Gain Privileges or Assume Identity; Bypass Protection Mechanism; Execute Unauthorized Code or Commands; DoS: Crash, Exit, or Restart If an attacker can identify an exploitable vulnerability in one device that has no means of patching, the attack may be used against an entire class of devices.	Medium

Demonstrative Examples

Example 1

A refrigerator has an Internet interface for the official purpose of alerting the manufacturer when that refrigerator detects a fault. Because the device is attached to the Internet, the refrigerator is a target for hackers who may wish to use the device other potentially more nefarious purposes.

(bad code)

Example Language: Other

The refrigerator has no means of patching and is hacked becoming a spewer of email spam.

(good code)

Example Language: Other

The device automatically patches itself and provides considerable more protection against being hacked.

Observed Examples

Reference	Description
CVE-2020-9054	Chain: network-attached storage (NAS) device has a critical OS command injection (CWE-78) vulnerability that is actively exploited to place IoT devices into a botnet, but some products are "end-of-support" and cannot be patched (CWE-1277). [REF-1097]
	A hardware "smart lock" has weak key generation that allows attackers to steal the key by BLE sniffing, but the device's firmware cannot be upgraded and hence remains vulnerable [REF-1095].

Potential Mitigations

Phase: Requirements

Specify requirements to include the ability to update the firmware. Include integrity checks and authentication to ensure that untrusted firmware cannot be installed.

Phase: Architecture and Design

Design the device to allow for updating the firmware. Ensure that the design specifies how to distribute the updates and ensure their integrity and authentication.

Phase: Implementation

Implement the necessary functionality to allow the firmware to be updated.

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)

Detection Methods

Manual Analysis

Create a new installable boot image of the current build with a minor version number change. Use the standard installation method to update the boot image. Verify that the minor version number has changed. Create a fake image. Verify that the boot updater will not install the fake image and generates an "invalid image" error message or equivalent.

Effectiveness: High

Architecture or Design Review

Check the consumer or maintainer documentation, the architecture/design documentation, or the original requirements to ensure that the documentation includes details for how to update the firmware.

Effectiveness: Moderate

Manual Dynamic Analysis

Determine if there is a lack of a capability to update read-only memory (ROM) structure. This could manifest as a difference between the latest firmware version and the current version within the device.

Effectiveness: High

Memberships

This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1415	Comprehensive Categorization: Resource Control

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Notes

Terminology

The "firmware" term does not have a single commonly-shared definition, so there may be variations in how this CWE entry is interpreted during mapping.

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-682	Exploitation of Firmware or ROM Code with Unpatchable Vulnerabilities

References

[REF-1095] Matthew Hughes. "Bad news: KeyWe Smart Lock is easily bypassed and can't be fixed". 2019-12-11. <https://www.theregister.com/2019/12/11/f_secure_keywe/>. URL validated: 2023-04-07.

[REF-1096] Alex Scroxton. "Alarm bells ring, the IoT is listening". <https://www.computerweekly.com/news/252475324/Alarm-bells-ring-the-IoT-is-listening>.

[REF-1097] Brian Krebs. "Zyxel Flaw Powers New Mirai IoT Botnet Strain". 2020-03-20. <https://krebsonsecurity.com/2020/03/zxyel-flaw-powers-new-mirai-iot-botnet-strain/>.

Content History

Submissions
Submission Date	Submitter	Organization
2020-05-13 (CWE 4.1, 2020-02-24)	Paul A. Wortman	Wells Fargo
2020-05-13 (CWE 4.1, 2020-02-24)
Contributions
Contribution Date	Contributor	Organization
2021-10-12	Paul A. Wortman	Wells Fargo
2021-10-12	provided detection methods and observed examples
Modifications
Modification Date	Modifier	Organization
2020-08-20	CWE Content Team	MITRE
2020-08-20	updated Common_Consequences, Demonstrative_Examples, Description, Potential_Mitigations
2020-12-10	CWE Content Team	MITRE
2020-12-10	updated Description, Relationships
2021-03-15	CWE Content Team	MITRE
2021-03-15	updated Maintenance_Notes
2021-07-20	CWE Content Team	MITRE
2021-07-20	updated Demonstrative_Examples, Maintenance_Notes
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Common_Consequences, Description, Detection_Factors, Maintenance_Notes, Modes_of_Introduction, Observed_Examples, References, Relationships, Terminology_Notes, Weakness_Ordinalities
2022-04-28	CWE Content Team	MITRE
2022-04-28	updated Detection_Factors, Observed_Examples, Potential_Mitigations, Relationships
2022-10-13	CWE Content Team	MITRE
2022-10-13	updated Related_Attack_Patterns
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes

CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code

Weakness ID: 1274

View customized information:

Description

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.

Extended Description

Adversaries could bypass the secure-boot process and execute their own untrusted, malicious boot code.

As a part of a secure-boot process, the read-only-memory (ROM) code for a System-on-Chip (SoC) or other system fetches bootloader code from Non-Volatile Memory (NVM) and stores the code in Volatile Memory (VM), such as dynamic, random-access memory (DRAM) or static, random-access memory (SRAM). The NVM is usually external to the SoC, while the VM is internal to the SoC. As the code is transferred from NVM to VM, it is authenticated by the SoC's ROM code.

If the volatile-memory-region protections or access controls are insufficient to prevent modifications from an adversary or untrusted agent, the secure boot may be bypassed or replaced with the execution of an adversary's code.

Relationships

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.	284	Improper Access Control

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1196	Security Flow Issues

Modes Of Introduction

Phase	Note
Architecture and Design	This weakness can be introduced during hardware architecture or design but can be identified later during testing.

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Class: Not Technology-Specific (Undetermined Prevalence)

Common Consequences

Scope	Impact	Likelihood
Access Control Integrity	Technical Impact: Modify Memory; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity	High

Demonstrative Examples

Example 1

A typical SoC secure boot's flow includes fetching the next piece of code (i.e., the boot loader) from NVM (e.g., serial, peripheral interface (SPI) flash), and transferring it to DRAM/SRAM volatile, internal memory, which is more efficient.

(bad code)

The volatile-memory protections or access controls are insufficient.

The memory from where the boot loader executes can be modified by an adversary.

(good code)

A good architecture should define appropriate protections or access controls to prevent modification by an adversary or untrusted agent, once the bootloader is authenticated.

Observed Examples

Reference	Description
CVE-2019-2267	Locked memory regions may be modified through other interfaces in a secure-boot-loader image due to improper access control.

Potential Mitigations

Phase: Architecture and Design

Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code.

Phase: Testing

Test the volatile-memory protections to ensure they are safe from modification or untrusted code.

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)

Detection Methods

Manual Analysis

Ensure the volatile memory is lockable or has locks. Ensure the volatile memory is locked for writes from untrusted agents or adversaries. Try modifying the volatile memory from an untrusted agent, and ensure these writes are dropped.

Effectiveness: High

Manual Analysis

Analyze the device using the following steps:

Identify all fabric master agents that are active during system Boot Flow when initial code is loaded from Non-volatile storage to volatile memory.

Identify the volatile memory regions that are used for storing loaded system executable program.

During system boot, test programming the identified memory regions in step 2 from all the masters identified in step 1.

Only trusted masters should be allowed to write to the memory regions. For example, pluggable device peripherals should not have write access to program load memory regions.

Effectiveness: Moderate

Memberships

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1396	Comprehensive Categorization: Access Control

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-456	Infected Memory
CAPEC-679	Exploitation of Improperly Configured or Implemented Memory Protections

Content History

Submissions
Submission Date	Submitter	Organization
2020-04-25 (CWE 4.1, 2020-02-24)	Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi	Intel Corporation
2020-04-25 (CWE 4.1, 2020-02-24)
Contributions
Contribution Date	Contributor	Organization
2021-10-20	Narasimha Kumar V Mangipudi	Lattice Semiconductor
2021-10-20	suggested content improvements
2021-10-22	Hareesh Khattri	Intel Corporation
2021-10-22	provided detection method
Modifications
Modification Date	Modifier	Organization
2020-08-20	CWE Content Team	MITRE
2020-08-20	updated Demonstrative_Examples, Description, Related_Attack_Patterns
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities
2022-04-28	CWE Content Team	MITRE
2022-04-28	updated Related_Attack_Patterns
2023-01-31	CWE Content Team	MITRE
2023-01-31	updated Related_Attack_Patterns
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes
2024-02-29 (CWE 4.14, 2024-02-29)	CWE Content Team	MITRE
2024-02-29 (CWE 4.14, 2024-02-29)	updated Detection_Factors
Previous Entry Names
Change Date	Previous Entry Name
2021-10-28	Insufficient Protections on the Volatile Memory Containing Boot Code

CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges

Weakness ID: 1260

View customized information:

Description

The product allows address regions to overlap, which can result in the bypassing of intended memory protection.

Extended Description

Isolated memory regions and access control (read/write) policies are used by hardware to protect privileged software. Software components are often allowed to change or remap memory region definitions in order to enable flexible and dynamically changeable memory management by system software.

If a software component running at lower privilege can program a memory address region to overlap with other memory regions used by software running at higher privilege, privilege escalation may be available to attackers. The memory protection unit (MPU) logic can incorrectly handle such an address overlap and allow the lower-privilege software to read or write into the protected memory region, resulting in privilege escalation attack. An address overlap weakness can also be used to launch a denial of service attack on the higher-privilege software memory regions.

Relationships

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.	284	Improper Access Control
CanPrecede	Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.	119	Improper Restriction of Operations within the Bounds of a Memory Buffer

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1198	Privilege Separation and Access Control Issues

Modes Of Introduction

Phase	Note
Architecture and Design	Such issues could be introduced during hardware architecture and design or implementation and identified later during the Testing phase.
Implementation

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Memory Hardware (Undetermined Prevalence)

Processor Hardware (Undetermined Prevalence)

Common Consequences

Scope	Impact	Likelihood
Confidentiality Integrity Availability	Technical Impact: Modify Memory; Read Memory; DoS: Instability	High

Demonstrative Examples

Example 1

For example, consider a design with a 16-bit address that has two software privilege levels: Privileged_SW and Non_privileged_SW. To isolate the system memory regions accessible by these two privilege levels, the design supports three memory regions: Region_0, Region_1, and Region_2.

Each region is defined by two 32 bit registers: its range and its access policy.

Address_range[15:0]: specifies the Base address of the region
Address_range[31:16]: specifies the size of the region
Access_policy[31:0]: specifies what types of software can access a region and which actions are allowed

Certain bits of the access policy are defined symbolically as follows:

Access_policy.read_np: if set to one, allows reads from Non_privileged_SW
Access_policy.write_np: if set to one, allows writes from Non_privileged_SW
Access_policy.execute_np: if set to one, allows code execution by Non_privileged_SW
Access_policy.read_p: if set to one, allows reads from Privileged_SW
Access_policy.write_p: if set to one, allows writes from Privileged_SW
Access_policy.execute_p: if set to one, allows code execution by Privileged_SW

For any requests from software, an address-protection filter checks the address range and access policies for each of the three regions, and only allows software access if all three filters allow access.

Consider the following goals for access control as intended by the designer:

Region_0 & Region_1: registers are programmable by Privileged_SW
Region_2: registers are programmable by Non_privileged_SW

The intention is that Non_privileged_SW cannot modify memory region and policies defined by Privileged_SW in Region_0 and Region_1. Thus, it cannot read or write the memory regions that Privileged_SW is using.

(bad code)

Non_privileged_SW can program the Address_range register for Region_2 so that its address overlaps with the ranges defined by Region_0 or Region_1. Using this capability, it is possible for Non_privileged_SW to block any memory region from being accessed by Privileged_SW, i.e., Region_0 and Region_1.

This design could be improved in several ways.

(good code)

Ensure that software accesses to memory regions are only permitted if all three filters permit access. Additionally, the scheme could define a memory region priority to ensure that Region_2 (the memory region defined by Non_privileged_SW) cannot overlap Region_0 or Region_1 (which are used by Privileged_SW).

Example 2

The example code below is taken from the IOMMU controller module of the HACK@DAC'19 buggy CVA6 SoC [REF-1338]. The static memory map is composed of a set of Memory-Mapped Input/Output (MMIO) regions covering different IP agents within the SoC. Each region is defined by two 64-bit variables representing the base address and size of the memory region (XXXBase and XXXLength).

In this example, we have 12 IP agents, and only 4 of them are called out for illustration purposes in the code snippets. Access to the AES IP MMIO region is considered privileged as it provides access to AES secret key, internal states, or decrypted data.

(bad code)

Example Language: Verilog

...

localparam logic[63:0] PLICLength = 64'h03FF_FFFF;
localparam logic[63:0] UARTLength = 64'h0011_1000;
localparam logic[63:0] AESLength = 64'h0000_1000;
localparam logic[63:0] SPILength = 64'h0080_0000;

...

typedef enum logic [63:0] {

...
PLICBase = 64'h0C00_0000,
UARTBase = 64'h1000_0000,
AESBase = 64'h1010_0000,
SPIBase = 64'h2000_0000,
...

The vulnerable code allows the overlap between the protected MMIO region of the AES peripheral and the unprotected UART MMIO region. As a result, unprivileged users can access the protected region of the AES IP. In the given vulnerable example UART MMIO region starts at address 64'h1000_0000 and ends at address 64'h1011_1000 (UARTBase is 64'h1000_0000, and the size of the region is provided by the UARTLength of 64'h0011_1000).

On the other hand, the AES MMIO region starts at address 64'h1010_0000 and ends at address 64'h1010_1000, which implies an overlap between the two peripherals' memory regions. Thus, any user with access to the UART can read or write the AES MMIO region, e.g., the AES secret key.

To mitigate this issue, remove the overlapping address regions by decreasing the size of the UART memory region or adjusting memory bases for all the remaining peripherals. [REF-1339]

(good code)

Example Language: Verilog

...

localparam logic[63:0] PLICLength = 64'h03FF_FFFF;
localparam logic[63:0] UARTLength = 64'h0000_1000;
localparam logic[63:0] AESLength = 64'h0000_1000;
localparam logic[63:0] SPILength = 64'h0080_0000;

...

typedef enum logic [63:0] {

...
PLICBase = 64'h0C00_0000,
UARTBase = 64'h1000_0000,
AESBase = 64'h1010_0000,
SPIBase = 64'h2000_0000,
...

Observed Examples

Reference	Description
CVE-2008-7096	virtualization product allows compromise of hardware product by accessing certain remapping registers.
	processor design flaw allows ring 0 code to access more privileged rings by causing a register window to overlap a range of protected system RAM [REF-1100]

Potential Mitigations

Phase: Architecture and Design

Ensure that memory regions are isolated as intended and that access control (read/write) policies are used by hardware to protect privileged software.

Phase: Implementation

For all of the programmable memory protection regions, the memory protection unit (MPU) design can define a priority scheme.

For example: if three memory regions can be programmed (Region_0, Region_1, and Region_2), the design can enforce a priority scheme, such that, if a system address is within multiple regions, then the region with the lowest ID takes priority and the access-control policy of that region will be applied. In some MPU designs, the priority scheme can also be programmed by trusted software.

Hardware logic or trusted firmware can also check for region definitions and block programming of memory regions with overlapping addresses.

The memory-access-control-check filter can also be designed to apply a policy filter to all of the overlapping ranges, i.e., if an address is within Region_0 and Region_1, then access to this address is only granted if both Region_0 and Region_1 policies allow the access.

Effectiveness: High

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)
Resultant	(where the weakness is typically related to the presence of some other weaknesses)

Detection Methods

Manual Analysis

Create a high privilege memory block of any arbitrary size. Attempt to create a lower privilege memory block with an overlap of the high privilege memory block. If the creation attempt works, fix the hardware. Repeat the test.

Effectiveness: High

Memberships

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1396	Comprehensive Categorization: Access Control

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Notes

Maintenance

As of CWE 4.6, CWE-1260 and CWE-1316 are siblings under view 1000, but CWE-1260 might be a parent of CWE-1316. More analysis is warranted.

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-456	Infected Memory
CAPEC-679	Exploitation of Improperly Configured or Implemented Memory Protections

References

[REF-1100] Christopher Domas. "The Memory Sinkhole". 2015-07-20. <https://github.com/xoreaxeaxeax/sinkhole/blob/master/us-15-Domas-TheMemorySinkhole-wp.pdf>.

[REF-1338] "Hackatdac19 ariane_soc_pkg.sv". 2019. <https://github.com/HACK-EVENT/hackatdac19/blob/619e9fb0ef32ee1e01ad76b8732a156572c65700/tb/ariane_soc_pkg.sv#L44:L62>. URL validated: 2023-06-21.

[REF-1339] Florian Zaruba, Michael Schaffner and Andreas Traber. "csr_regfile.sv". 2019. <https://github.com/openhwgroup/cva6/blob/7951802a0147aedb21e8f2f6dc1e1e9c4ee857a2/src/csr_regfile.sv#L45>. URL validated: 2023-06-21.

Content History

Submissions
Submission Date	Submitter	Organization
2020-02-10 (CWE 4.1, 2020-02-24)	Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi	Intel Corporation
2020-02-10 (CWE 4.1, 2020-02-24)
Contributions
Contribution Date	Contributor	Organization
2021-10-20	Narasimha Kumar V Mangipudi	Lattice Semiconductor
2021-10-20	suggested content improvements
2021-10-22	Hareesh Khattri	Intel Corporation
2021-10-22	suggested observed examples
2023-06-21	Shaza Zeitouni, Mohamadreza Rostami, Pouya Mahmoody, Ahmad-Reza Sadeghi	Technical University of Darmstadt
2023-06-21	suggested demonstrative example
2023-06-21	Rahul Kande, Chen Chen, Jeyavijayan Rajendran	Texas A&M University
2023-06-21	suggested demonstrative example
Modifications
Modification Date	Modifier	Organization
2020-08-20	CWE Content Team	MITRE
2020-08-20	updated Demonstrative_Examples, Description, Modes_of_Introduction, Related_Attack_Patterns
2020-12-10	CWE Content Team	MITRE
2020-12-10	updated Maintenance_Notes
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Observed_Examples, Relationships, Weakness_Ordinalities
2022-04-28	CWE Content Team	MITRE
2022-04-28	updated Applicable_Platforms, Related_Attack_Patterns
2022-06-28	CWE Content Team	MITRE
2022-06-28	updated Applicable_Platforms
2023-01-31	CWE Content Team	MITRE
2023-01-31	updated Related_Attack_Patterns
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Demonstrative_Examples, Mapping_Notes, References

CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

Weakness ID: 1189

View customized information:

Description

The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.

Extended Description

A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents.

Relationships

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.	668	Exposure of Resource to Wrong Sphere
ChildOf	Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.	653	Improper Isolation or Compartmentalization
ParentOf	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1303	Non-Transparent Sharing of Microarchitectural Resources
PeerOf	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1331	Improper Isolation of Shared Resources in Network On Chip (NoC)

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1198	Privilege Separation and Access Control Issues
PeerOf	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1331	Improper Isolation of Shared Resources in Network On Chip (NoC)

Modes Of Introduction

Phase	Note
Architecture and Design
Implementation

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Technologies

Class: System on Chip (Undetermined Prevalence)

Common Consequences

Scope	Impact	Likelihood
Access Control	Technical Impact: Bypass Protection Mechanism If resources being used by a trusted user are shared with an untrusted user, the untrusted user may be able to modify the functionality of the shared resource of the trusted user.
Integrity	Technical Impact: Quality Degradation The functionality of the shared resource may be intentionally degraded.

Demonstrative Examples

Example 1

Consider the following SoC design. The Hardware Root of Trust (HRoT) local SRAM is memory mapped in the core{0-N} address space. The HRoT allows or disallows access to private memory ranges, thus allowing the sram to function as a mailbox for communication between untrusted and trusted HRoT partitions.

We assume that the threat is from malicious software in the untrusted domain. We assume this software has access to the core{0-N} memory map and can be running at any privilege level on the untrusted cores. The capability of this threat in this example is communication to and from the mailbox region of SRAM modulated by the hrot_iface. To address this threat, information must not enter or exit the shared region of SRAM through hrot_iface when in secure or privileged mode.

Observed Examples

Reference	Description
CVE-2020-8698	Processor has improper isolation of shared resources allowing for information disclosure.
CVE-2019-6260	Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138].

Potential Mitigations

Phase: Architecture and Design

Strategy: Separation of Privilege

When sharing resources, avoid mixing agents of varying trust levels.

Untrusted agents should not share resources with trusted agents.

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)

Detection Methods

Automated Dynamic Analysis

Pre-silicon / post-silicon: Test access to shared systems resources (memory ranges, control registers, etc.) from untrusted software to verify that the assets are not incorrectly exposed to untrusted agents. Note that access to shared resources can be dynamically allowed or revoked based on system flows. Security testing should cover such dynamic shared resource allocation and access control modification flows.

Effectiveness: High

Memberships

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1364	ICS Communications: Zone Boundary Failures
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1366	ICS Communications: Frail Security in Protocols
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1418	Comprehensive Categorization: Violation of Secure Design Principles

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-124	Shared Resource Manipulation

References

[REF-1036] Ali Abbasi and Majid Hashemi. "Ghost in the PLC Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack". 2016. <https://www.blackhat.com/docs/eu-16/materials/eu-16-Abbasi-Ghost-In-The-PLC-Designing-An-Undetectable-Programmable-Logic-Controller-Rootkit-wp.pdf>.

[REF-1138] Stewart Smith. "CVE-2019-6260: Gaining control of BMC from the host processor". 2019. <https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/>.

Content History

Submissions
Submission Date	Submitter	Organization
2019-10-15 (CWE 4.0, 2020-02-24)	Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi	Intel Corporation
2019-10-15 (CWE 4.0, 2020-02-24)
Contributions
Contribution Date	Contributor	Organization
2021-07-16		Tortuga Logic
2021-07-16	Provided Demonstrative Example for Hardware Root of Trust
2021-10-22	Hareesh Khattri	Intel Corporation
2021-10-22	provided observed example
2022-04-18	Hareesh Khattri	Intel Corporation
2022-04-18	changed detection method
Modifications
Modification Date	Modifier	Organization
2020-08-20	CWE Content Team	MITRE
2020-08-20	updated Common_Consequences, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships
2020-12-10	CWE Content Team	MITRE
2020-12-10	updated Relationships
2021-07-20	CWE Content Team	MITRE
2021-07-20	updated Demonstrative_Examples
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Description, Observed_Examples, References, Relationships, Weakness_Ordinalities
2022-10-13	CWE Content Team	MITRE
2022-10-13	updated Detection_Factors
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated Observed_Examples, Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes, Relationships
Previous Entry Names
Change Date	Previous Entry Name
2020-08-20	Improper Isolation of Shared Resources on System-on-Chip (SoC)

CWE-1231: Improper Prevention of Lock Bit Modification

Weakness ID: 1231

View customized information:

Description

The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.

Extended Description

In integrated circuits and hardware intellectual property (IP) cores, device configuration controls are commonly programmed after a device power reset by a trusted firmware or software module (e.g., BIOS/bootloader) and then locked from any further modification.

This behavior is commonly implemented using a trusted lock bit. When set, the lock bit disables writes to a protected set of registers or address regions. Design or coding errors in the implementation of the lock bit protection feature may allow the lock bit to be modified or cleared by software after it has been set. Attackers might be able to unlock the system and features that the bit is intended to protect.

Relationships

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.	284	Improper Access Control

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1199	General Circuit and Logic Design Concerns

Modes Of Introduction

Phase	Note
Architecture and Design	Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases.
Implementation	Such issues could be introduced during implementation and identified later during Testing or System Configuration phases.

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Class: Not Technology-Specific (Undetermined Prevalence)

Common Consequences

Scope	Impact	Likelihood
Access Control	Technical Impact: Modify Memory Registers protected by lock bit can be modified even when lock is set.	High

Demonstrative Examples

Example 1

Consider the example design below for a digital thermal sensor that detects overheating of the silicon and triggers system shutdown. The system critical temperature limit (CRITICAL_TEMP_LIMIT) and thermal sensor calibration (TEMP_SENSOR_CALIB) data have to be programmed by firmware, and then the register needs to be locked (TEMP_SENSOR_LOCK).

(bad code)

Example Language: Other

Register	Field description
CRITICAL_TEMP_LIMIT	[31:8] Reserved field; Read only; Default 0 [7:0] Critical temp 0-255 Centigrade; Read-write-lock; Default 125
TEMP_SENSOR_CALIB	[31:0] Thermal sensor calibration data. Slope value used to map sensor reading to degrees Centigrade.
TEMP_SENSOR_LOCK	[31:1] Reserved field; Read only; Default 0 [0] Lock bit, locks CRITICAL_TEMP_LIMIT and TEMP_SENSOR_CALIB registers; Write-1-once; Default 0
TEMP_HW_SHUTDOWN	[31:2] Reserved field; Read only; Default 0 [1] Enable hardware shutdown on critical temperature detection; Read-write; Default 0
CURRENT_TEMP	[31:8] Reserved field; Read only; Default 0 [7:0] Current Temp 0-255 Centigrade; Read-only; Default 0

In this example, note that if the system heats to critical temperature, the response of the system is controlled by the TEMP_HW_SHUTDOWN bit [1], which is not lockable. Thus, the intended security property of the critical temperature sensor cannot be fully protected, since software can misconfigure the TEMP_HW_SHUTDOWN register even after the lock bit is set to disable the shutdown response.

(good code)

To fix this weakness, one could change the TEMP_HW_SHUTDOWN field to be locked by TEMP_SENSOR_LOCK.

TEMP_HW_SHUTDOWN

[31:2] Reserved field; Read only; Default 0
[1] Enable hardware shutdown on critical temperature detection; Read-write-Lock; Default 0
[0] Locked by TEMP_SENSOR_LOCK

Example 2

The following example code is a snippet from the register locks inside the buggy OpenPiton SoC of HACK@DAC'21 [REF-1350]. Register locks help prevent SoC peripherals' registers from malicious use of resources. The registers that can potentially leak secret data are locked by register locks.

In the vulnerable code, the reglk_mem is used for locking information. If one of its bits toggle to 1, the corresponding peripheral's registers will be locked. In the context of the HACK@DAC System-on-Chip (SoC), it is pertinent to note the existence of two distinct categories of reset signals.

First, there is a global reset signal denoted as "rst_ni," which possesses the capability to simultaneously reset all peripherals to their respective initial states.

Second, we have peripheral-specific reset signals, such as "rst_9," which exclusively reset individual peripherals back to their initial states. The administration of these reset signals is the responsibility of the reset controller module.

(bad code)

Example Language: Verilog

always @(posedge clk_i)

begin

if(~(rst_ni && ~jtag_unlock && ~rst_9))

begin

for (j=0; j < 6; j=j+1) begin

reglk_mem[j] <= 'h0;

end

end
...

In the buggy SoC architecture during HACK@DAC'21, a critical issue arises within the reset controller module. Specifically, the reset controller can inadvertently transmit a peripheral reset signal to the register lock within the user privilege domain.

This unintentional action can result in the reset of the register locks, potentially exposing private data from all other peripherals, rendering them accessible and readable.

To mitigate the issue, remove the extra reset signal rst_9 from the register lock if condition. [REF-1351]

(good code)

Example Language: Verilog

always @(posedge clk_i)

begin

if(~(rst_ni && ~jtag_unlock))

begin

for (j=0; j < 6; j=j+1) begin

reglk_mem[j] <= 'h0;

end

end
...

Observed Examples

Reference	Description
CVE-2017-6283	chip reset clears critical read/write lock permissions for RSA function

Potential Mitigations

Phases: Architecture and Design; Implementation; Testing

Security lock bit protections must be reviewed for design inconsistency and common weaknesses.

Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing.

Effectiveness: High

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)

Detection Methods

Manual Analysis

Set the lock bit. Power cycle the device. Attempt to clear the lock bit. If the information is changed, implement a design fix. Retest. Also, attempt to indirectly clear the lock bit or bypass it.

Effectiveness: High

Memberships

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1372	ICS Supply Chain: OT Counterfeit and Malicious Corruption
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1396	Comprehensive Categorization: Access Control

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-680	Exploitation of Improperly Controlled Registers

References

[REF-1350] "reglk_wrapper.sv". 2021. <https://github.com/HACK-EVENT/hackatdac21/blob/b9ecdf6068445d76d6bee692d163fededf7a9d9b/piton/design/chip/tile/ariane/src/reglk/reglk_wrapper.sv#L80C1-L80C48>. URL validated: 2023-09-18.

[REF-1351] "fix cwe 1199 in reglk". 2023. <https://github.com/HACK-EVENT/hackatdac21/commit/5928add42895b57341ae8fc1f9b8351c35aed865#diff-1c2b09dd092a56e5fb2be431a3849e72ff489d2ae4f4a6bb9c0ea6b7d450135aR80>. URL validated: 2023-09-18.

Content History

Submissions
Submission Date	Submitter	Organization
2020-01-15 (CWE 4.0, 2020-02-24)	Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi	Intel Corporation
2020-01-15 (CWE 4.0, 2020-02-24)
Contributions
Contribution Date	Contributor	Organization
2021-10-20	Narasimha Kumar V Mangipudi	Lattice Semiconductor
2021-10-20	reviewed content changes
2021-10-22	Hareesh Khattri	Intel Corporation
2021-10-22	provided observed example
2023-06-21	Shaza Zeitouni, Mohamadreza Rostami, Pouya Mahmoody, Ahmad-Reza Sadeghi	Technical University of Darmstadt
2023-06-21	suggested demonstrative example
2023-06-21	Rahul Kande, Chen Chen, Jeyavijayan Rajendran	Texas A&M University
2023-06-21	suggested demonstrative example
Modifications
Modification Date	Modifier	Organization
2020-06-25	CWE Content Team	MITRE
2020-06-25	updated Demonstrative_Examples
2020-08-20	CWE Content Team	MITRE
2020-08-20	updated Related_Attack_Patterns
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities
2022-04-28	CWE Content Team	MITRE
2022-04-28	updated Related_Attack_Patterns, Relationships
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes
2023-10-26	CWE Content Team	MITRE
2023-10-26	updated Demonstrative_Examples, References
Previous Entry Names
Change Date	Previous Entry Name
2021-10-28	Improper Implementation of Lock Protection Registers

CWE-1300: Improper Protection of Physical Side Channels

Weakness ID: 1300

View customized information:

Description

The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.

Extended Description

An adversary could monitor and measure physical phenomena to detect patterns and make inferences, even if it is not possible to extract the information in the digital domain.

Physical side channels have been well-studied for decades in the context of breaking implementations of cryptographic algorithms or other attacks against security features. These side channels may be easily observed by an adversary with physical access to the device, or using a tool that is in close proximity. If the adversary can monitor hardware operation and correlate its data processing with power, EME, and acoustic measurements, the adversary might be able to recover of secret keys and data.

Relationships

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	203	Observable Discrepancy
ParentOf	Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.	1255	Comparison Logic is Vulnerable to Power Side-Channel Attacks

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1388	Physical Access Issues and Concerns
ChildOf	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	203	Observable Discrepancy

Modes Of Introduction

Phase	Note
Implementation

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Class: Not Technology-Specific (Undetermined Prevalence)

Common Consequences

Scope	Impact	Likelihood
Confidentiality	Technical Impact: Read Memory; Read Application Data

Demonstrative Examples

Example 1

Consider a device that checks a passcode to unlock the screen.

(bad code)

As each character of the PIN number is entered, a correct character exhibits one current pulse shape while an incorrect character exhibits a different current pulse shape.

PIN numbers used to unlock a cell phone should not exhibit any characteristics about themselves. This creates a side channel. An attacker could monitor the pulses using an oscilloscope or other method. Once the first character is correctly guessed (based on the oscilloscope readings), they can then move to the next character, which is much more efficient than the brute force method of guessing every possible sequence of characters.

(good code)

Rather than comparing each character to the correct PIN value as it is entered, the device could accumulate the PIN in a register, and do the comparison all at once at the end. Alternatively, the components for the comparison could be modified so that the current pulse shape is the same regardless of the correctness of the entered character.

Example 2

Consider the device vulnerability CVE-2021-3011, which affects certain microcontrollers [REF-1221]. The Google Titan Security Key is used for two-factor authentication using cryptographic algorithms. The device uses an internal secret key for this purpose and exchanges information based on this key for the authentication. If this internal secret key and the encryption algorithm were known to an adversary, the key function could be duplicated, allowing the adversary to masquerade as the legitimate user.

(bad code)

The local method of extracting the secret key consists of plugging the key into a USB port and using electromagnetic (EM) sniffing tools and computers.

(good code)

Several solutions could have been considered by the manufacturer. For example, the manufacturer could shield the circuitry in the key or add randomized delays, indirect calculations with random values involved, or randomly ordered calculations to make extraction much more difficult or a combination of these techniques.

Example 3

The code snippet provided here is part of the modular exponentiation module found in the HACK@DAC'21 Openpiton System-on-Chip (SoC), specifically within the RSA peripheral [REF-1368]. Modular exponentiation, denoted as "a^b mod n," is a crucial operation in the RSA public/private key encryption. In RSA encryption, where 'c' represents ciphertext, 'm' stands for a message, and 'd' corresponds to the private key, the decryption process is carried out using this modular exponentiation as follows: m = c^d mod n, where 'n' is the result of multiplying two large prime numbers.

(bad code)

Example Language: Verilog

...
module mod_exp

...
`UPDATE: begin

if (exponent_reg != 'd0) begin

if (exponent_reg[0])

result_reg <= result_next;

base_reg <= base_next;
exponent_reg <= exponent_next;
state <= `UPDATE;

...

endmodule

The vulnerable code shows a buggy implementation of binary exponentiation where it updates the result register (result_reg) only when the corresponding exponent bit (exponent_reg[0]) is set to 1. However, when this exponent bit is 0, the output register is not updated. It's important to note that this implementation introduces a physical power side-channel vulnerability within the RSA core. This vulnerability could expose the private exponent to a determined physical attacker. Such exposure of the private exponent could lead to a complete compromise of the private key.

To address mitigation requirements, the developer can develop the module by minimizing dependency on conditions, particularly those reliant on secret keys. In situations where branching is unavoidable, developers can implement masking mechanisms to obfuscate the power consumption patterns exhibited by the module (see good code example). Additionally, certain algorithms, such as the Karatsuba algorithm, can be implemented as illustrative examples of side-channel resistant algorithms, as they necessitate only a limited number of branch conditions [REF-1369].

(good code)

Example Language: Verilog

...
module mod_exp

...
`UPDATE: begin

if (exponent_reg != 'd0) begin

if (exponent_reg[0]) begin

result_reg <= result_next;

end else begin

mask_reg <= result_next;

end
base_reg <= base_next;
exponent_reg <= exponent_next;
state <= `UPDATE;

...

endmodule

Observed Examples

Reference	Description
CVE-2022-35888	Power side-channels leak secret information from processor
CVE-2021-3011	electromagnetic-wave side-channel in security-related microcontrollers allows extraction of private key
CVE-2019-14353	Crypto hardware wallet's power consumption relates to total number of pixels illuminated, creating a side channel in the USB connection that allows attackers to determine secrets displayed such as PIN numbers and passwords
CVE-2020-27211	Chain: microcontroller system-on-chip contains uses a register value stored in flash to set product protection state on the memory bus but does not contain protection against fault injection (CWE-1319), which leads to an incorrect initialization of the memory bus (CWE-1419) leading the product to be in an unprotected state.
CVE-2013-4576	message encryption software uses certain instruction sequences that allows RSA key extraction using a chosen-ciphertext attack and acoustic cryptanalysis
CVE-2020-28368	virtualization product allows recovery of AES keys from the guest OS using a side channel attack against a power/energy monitoring interface.
CVE-2019-18673	power consumption varies based on number of pixels being illuminated in a display, allowing reading of secrets such as the PIN by using the USB interface to measure power consumption

Potential Mitigations

Phase: Architecture and Design

Apply blinding or masking techniques to implementations of cryptographic algorithms.

Phase: Implementation

Add shielding or tamper-resistant protections to the device to increase the difficulty of obtaining measurements of the side-channel.

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)
Resultant	(where the weakness is typically related to the presence of some other weaknesses)

Detection Methods

Manual Analysis

Perform a set of leakage detection tests such as the procedure outlined in the Test Vector Leakage Assessment (TVLA) test requirements for AES [REF-1230]. TVLA is the basis for the ISO standard 17825 [REF-1229]. A separate methodology is provided by [REF-1228]. Note that sole reliance on this method might not yield expected results [REF-1239] [REF-1240].

Effectiveness: Moderate

Manual Analysis

Post-silicon, perform full side-channel attacks (penetration testing) covering as many known leakage models as possible against test code.

Effectiveness: Moderate

Manual Analysis

Pre-silicon - while the aforementioned TVLA methods can be performed post-silicon, models of device power consumption or other physical emanations can be built from information present at various stages of the hardware design process before fabrication. TVLA or known side-channel attacks can be applied to these simulated traces and countermeasures applied before tape-out. Academic research in this field includes [REF-1231] [REF-1232] [REF-1233].

Effectiveness: Moderate

Functional Areas

Power

Memberships

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1417	Comprehensive Categorization: Sensitive Information Exposure

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-189	Black Box Reverse Engineering
CAPEC-699	Eavesdropping on a Monitor

References

[REF-1117] Paul Kocher, Joshua Jaffe and Benjamin Jun. "Introduction to differential power analysis and related attacks". 1998. <https://www.rambus.com/wp-content/uploads/2015/08/DPATechInfo.pdf>.

[REF-1118] Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao and Pankaj Rohatgi. "The EM Side-Channel(s)". 2007-08-24. <https://link.springer.com/content/pdf/10.1007/3-540-36400-5_4.pdf>. URL validated: 2023-04-07.

[REF-1119] Daniel Genkin, Adi Shamir and Eran Tromer. "RSA key extraction via low-bandwidth acoustic cryptanalysis". 2014-06-13. <https://www.iacr.org/archive/crypto2014/86160149/86160149.pdf>.

[REF-1120] Colin O'Flynn. "Power Analysis for Cheapskates". 2013-01-24. <https://media.blackhat.com/eu-13/briefings/OFlynn/bh-eu-13-for-cheapstakes-oflynn-wp.pdf>.

[REF-1055] Peter Gutmann. "Data Remanence in Semiconductor Devices". 10th USENIX Security Symposium. 2001-08. <https://www.usenix.org/legacy/events/sec01/full_papers/gutmann/gutmann.pdf>.

[REF-1218] Graham Cluley. "This Black Box Can Brute Force Crack iPhone PIN Passcodes". The Mac Security Blog. 2015-03-16. <https://www.intego.com/mac-security-blog/iphone-pin-pass-code/>.

[REF-1221] Victor Lomne and Thomas Roche. "A Side Journey to Titan". 2021-01-07. <https://web.archive.org/web/20210107182441/https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf>. URL validated: 2023-04-07.

[REF-1228] Gilbert Goodwill, Benjamin Jun, Josh Jaffe and Pankaj Rohatgi. "A testing methodology for side-channel resistance validation". 2011. <https://csrc.nist.gov/csrc/media/events/non-invasive-attack-testing-workshop/documents/08_goodwill.pdf>.

[REF-1229] ISO/IEC. "ISO/IEC 17825:2016: Testing methods for the mitigation of non-invasive attack classes against cryptographic modules". 2016. <https://www.iso.org/standard/60612.html>.

[REF-1230] Cryptography Research Inc.. "Test Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES". 2015-08. <https://www.rambus.com/wp-content/uploads/2015/08/TVLA-DTR-with-AES.pdf>.

[REF-1231] Danilo Šijaˇci´, Josep Balasch, Bohan Yang, Santosh Ghosh and Ingrid Verbauwhede. "Towards efficient and automated side-channel evaluations at design time". pp. 305-319. Journal of Cryptographic Engineering, 10(4). 2020. <https://www.esat.kuleuven.be/cosic/publications/article-3204.pdf>.

[REF-1232] Amit Kumar, Cody Scarborough, Ali Yilmaz and Michael Orshansky. "Efficient simulation of EM side-channel attack resilience". pp. 123-130. IEEE/ACM International Conference on Computer-Aided Design (ICCAD). 2017. <https://dl.acm.org/doi/pdf/10.5555/3199700.3199717>. URL validated: 2023-04-07.

[REF-1233] Yuan Yao, Tuna Tufan, Tarun Kathuria, Baris Ege, Ulkuhan Guler and Patrick Schaumont. "Pre-silicon Architecture Correlation Analysis (PACA): Identifying and Mitigating the Source of Side-channel Leakage at Gate-level". IACR Cryptology ePrint Archive. 2021-04-21. <https://eprint.iacr.org/2021/530.pdf>.

[REF-1234] Elisabeth Oswald, Thomas Popp and Stefan Mangard. "Power Analysis Attacks - Revealing the Secrets of Smart Cards". 2007. <https://link.springer.com/book/10.1007/978-0-387-38162-6>. URL validated: 2023-04-07.

[REF-1235] David Oswald, Bastian Richter and Christof Paar. "Side-Channel Attacks on the Yubikey 2 One-Time Password Generator". 2013-06-14. <https://www.emsec.ruhr-uni-bochum.de/media/crypto/veroeffentlichungen/2014/02/04/paper_yubikey_sca.pdf>.

[REF-1239] François-Xavier Standaert. "How (not) to Use Welch's T-test in Side-Channel Security Evaluations". IACR Cryptology ePrint Archive. 2017-02-15. <https://eprint.iacr.org/2017/138.pdf>.

[REF-1240] Carolyn Whitnall and Elisabeth Oswald. "A Critical Analysis of ISO 17825 ('Testing methods for the mitigation of non-invasive attack classes against cryptographic modules')". IACR Cryptology ePrint Archive. 2019-09-10. <https://eprint.iacr.org/2019/1013.pdf>.

[REF-1285] Texas Instruments. "Physical Security Attacks Against Silicon Devices". 2022-01-31. <https://www.ti.com/lit/an/swra739/swra739.pdf?ts=1644234570420>.

[REF-1286] Lennert Wouters, Benedikt Gierlichs and Bart Preneel. "On The Susceptibility of Texas Instruments SimpleLink Platform Microcontrollers to Non-Invasive Physical Attacks". 1.2 / 5. 2022-03-14. <https://eprint.iacr.org/2022/328.pdf>.

[REF-1368] "mod_exp.v". 2021. <https://github.com/HACK-EVENT/hackatdac21/blob/b9ecdf6068445d76d6bee692d163fededf7a9d9b/piton/design/chip/tile/ariane/src/rsa/mod_exp.v#L46:L47>. URL validated: 2023-07-15.

[REF-1369] "Fix CWE-1300". 2021. <https://github.com/HACK-EVENT/hackatdac21/blob/37e42f724c14b8e4cc8f6e13462c12a492778219/piton/design/chip/tile/ariane/src/rsa/mod_exp.v#L47:L51>. URL validated: 2023-09-29.

Content History

Submissions
Submission Date	Submitter	Organization
2020-05-29 (CWE 4.2, 2020-08-20)	Nicole Fern	Tortuga Logic
2020-05-29 (CWE 4.2, 2020-08-20)
Contributions
Contribution Date	Contributor	Organization
2021-10-11	Anders Nordstrom, Alric Althoff	Tortuga Logic
2021-10-11	Provided detection methods, observed examples, and references
2021-10-13	Nicole Fern	Riscure
2021-10-13	Provided detection methods, observed examples, and references
2023-06-21	Chen Chen, Rahul Kande, Jeyavijayan Rajendran	Texas A&M University
2023-06-21	suggested demonstrative example
2023-06-21	Shaza Zeitouni, Mohamadreza Rostami, Ahmad-Reza Sadeghi	Technical University of Darmstadt
2023-06-21	suggested demonstrative example
Modifications
Modification Date	Modifier	Organization
2021-03-15	CWE Content Team	MITRE
2021-03-15	updated Functional_Areas, Maintenance_Notes
2021-07-20	CWE Content Team	MITRE
2021-07-20	updated Related_Attack_Patterns
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities
2022-06-28	CWE Content Team	MITRE
2022-06-28	updated Relationships
2022-10-13	CWE Content Team	MITRE
2022-10-13	updated References, Relationships
2023-01-31	CWE Content Team	MITRE
2023-01-31	updated Related_Attack_Patterns
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated References, Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes
2023-10-26	CWE Content Team	MITRE
2023-10-26	updated Demonstrative_Examples, Observed_Examples, References
Previous Entry Names
Change Date	Previous Entry Name
2021-10-28	Improper Protection Against Physical Side Channels

CWE-1256: Improper Restriction of Software Interfaces to Hardware Features

Weakness ID: 1256

View customized information:

Description

The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead to modification of hardware memory or register bits, or the ability to observe physical side channels.

Extended Description

It is frequently assumed that physical attacks such as fault injection and side-channel analysis require an attacker to have physical access to the target device. This assumption may be false if the device has improperly secured power management features, or similar features. For mobile devices, minimizing power consumption is critical, but these devices run a wide variety of applications with different performance requirements. Software-controllable mechanisms to dynamically scale device voltage and frequency and monitor power consumption are common features in today's chipsets, but they also enable attackers to mount fault injection and side-channel attacks without having physical access to the device.

Fault injection attacks involve strategic manipulation of bits in a device to achieve a desired effect such as skipping an authentication step, elevating privileges, or altering the output of a cryptographic operation. Manipulation of the device clock and voltage supply is a well-known technique to inject faults and is cheap to implement with physical device access. Poorly protected power management features allow these attacks to be performed from software. Other features, such as the ability to write repeatedly to DRAM at a rapid rate from unprivileged software, can result in bit flips in other memory locations (Rowhammer, [REF-1083]).

Side channel analysis requires gathering measurement traces of physical quantities such as power consumption. Modern processors often include power metering capabilities in the hardware itself (e.g., Intel RAPL) which if not adequately protected enable attackers to gather measurements necessary for performing side-channel attacks from software.

Relationships

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.	285	Improper Authorization

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1206	Power, Clock, Thermal, and Reset Concerns

Modes Of Introduction

Phase	Note
Architecture and Design	An architect may initiate introduction of this weakness via exacting requirements for software accessible power/clock management requirements
Implementation	An implementer may introduce this weakness by assuming there are no consequences to unbounded power and clock management for secure components from untrusted ones.

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Class: Not Technology-Specific (Undetermined Prevalence)

Memory Hardware (Undetermined Prevalence)

Power Management Hardware (Undetermined Prevalence)

Clock/Counter Hardware (Undetermined Prevalence)

Common Consequences

Scope	Impact	Likelihood
Integrity	Technical Impact: Modify Memory; Modify Application Data; Bypass Protection Mechanism

Demonstrative Examples

Example 1

This example considers the Rowhammer problem [REF-1083]. The Rowhammer issue was caused by a program in a tight loop writing repeatedly to a location to which the program was allowed to write but causing an adjacent memory location value to change.

(bad code)

Example Language: Other

Continuously writing the same value to the same address causes the value of an adjacent location to change value.

Preventing the loop required to defeat the Rowhammer exploit is not always possible:

(good code)

Example Language: Other

Redesign the RAM devices to reduce inter capacitive coupling making the Rowhammer exploit impossible.

While the redesign may be possible for new devices, a redesign is not possible in existing devices. There is also the possibility that reducing capacitance with a relayout would impact the density of the device resulting in a less capable, more costly device.

Example 2

Suppose a hardware design implements a set of software-accessible registers for scaling clock frequency and voltage but does not control access to these registers. Attackers may cause register and memory changes and race conditions by changing the clock or voltage of the device under their control.

Example 3

Consider the following SoC design. Security-critical settings for scaling clock frequency and voltage are available in a range of registers bounded by [PRIV_END_ADDR : PRIV_START_ADDR] in the tmcu.csr module in the HW Root of Trust. These values are writable based on the lock_bit register in the same module. The lock_bit is only writable by privileged software running on the tmcu.

We assume that untrusted software running on any of the Core{0-N} processors has access to the input and output ports of the hrot_iface. If untrusted software can clear the lock_bit or write the clock frequency and voltage registers due to inadequate protection, a fault injection attack could be performed.

Observed Examples

Reference	Description
CVE-2019-11157	Plundervolt: Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access [REF-1081].
CVE-2020-8694	PLATYPUS Attack: Insufficient access control in the Linux kernel driver for some Intel processors allows information disclosure.
CVE-2020-8695	Observable discrepancy in the RAPL interface for some Intel processors allows information disclosure.
CVE-2020-12912	AMD extension to a Linux service does not require privileged access to the RAPL interface, allowing side-channel attacks.
CVE-2015-0565	NaCl in 2015 allowed the CLFLUSH instruction, making Rowhammer attacks possible.

Potential Mitigations

Phases: Architecture and Design; Implementation

Ensure proper access control mechanisms protect software-controllable features altering physical operating conditions such as clock frequency and voltage.

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)

Detection Methods

Manual Analysis

Perform a security evaluation of system-level architecture and design with software-aided physical attacks in scope.

Automated Dynamic Analysis

Use custom software to change registers that control clock settings or power settings to try to bypass security locks, or repeatedly write DRAM to try to change adjacent locations. This can be effective in extracting or changing data. The drawback is that it cannot be run before manufacturing, and it may require specialized software.

Effectiveness: Moderate

Functional Areas

Power
Clock

Memberships

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1396	Comprehensive Categorization: Access Control

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-624	Hardware Fault Injection
CAPEC-625	Mobile Device Fault Injection

References

[REF-1081] Kit Murdock, David Oswald, Flavio D Garcia, Jo Van Bulck, Frank Piessens and Daniel Gruss. "Plundervolt". <https://plundervolt.com/>.

[REF-1082] Adrian Tang, Simha Sethumadhavan and Salvatore Stolfo. "CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management". <https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf>.

[REF-1083] Yoongu Kim, Ross Daly, Jeremie Kim, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai and Onur Mutlu. "Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors". <https://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf>.

[REF-1225] Project Zero. "Exploiting the DRAM rowhammer bug to gain kernel privileges". 2015-03-09. <https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html>.

[REF-1217] Ross Anderson. "Security Engineering". 2001. <https://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf>.

Content History

Submissions
Submission Date	Submitter	Organization
2020-05-08 (CWE 4.1, 2020-02-24)	Nicole Fern	Tortuga Logic
2020-05-08 (CWE 4.1, 2020-02-24)
Contributions
Contribution Date	Contributor	Organization
2021-07-16		Tortuga Logic
2021-07-16	Provided Demonstrative Example for Hardware Root of Trust
2021-10-11	Anders Nordstrom, Alric Althoff	Tortuga Logic
2021-10-11	Provided detection method
2021-10-15	Nicole Fern	Riscure
2021-10-15	updated description and extended description, detection method, and observed examples
Modifications
Modification Date	Modifier	Organization
2020-08-20	CWE Content Team	MITRE
2020-08-20	updated Demonstrative_Examples, Description, Maintenance_Notes, Related_Attack_Patterns
2021-03-15	CWE Content Team	MITRE
2021-03-15	updated Demonstrative_Examples, Functional_Areas, Maintenance_Notes
2021-07-20	CWE Content Team	MITRE
2021-07-20	updated Demonstrative_Examples, Observed_Examples
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Modes_of_Introduction, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities
2022-04-28	CWE Content Team	MITRE
2022-04-28	updated Applicable_Platforms
2022-06-28	CWE Content Team	MITRE
2022-06-28	updated Applicable_Platforms
2023-01-31	CWE Content Team	MITRE
2023-01-31	updated Related_Attack_Patterns
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes
Previous Entry Names
Change Date	Previous Entry Name
2021-10-28	Hardware Features Enable Physical Attacks from Software

CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State

Weakness ID: 1244

View customized information:

Description

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

Extended Description

Debug authorization can have multiple levels of access, defined such that different system internal assets are accessible based on the current authorized debug level. Other than debugger authentication (e.g., using passwords or challenges), the authorization can also be based on the system state or boot stage. For example, full system debug access might only be allowed early in boot after a system reset to ensure that previous session data is not accessible to the authenticated debugger.

If this protection mechanism does not ensure that internal assets have the correct debug access level during each boot stage or change in system state, an attacker could obtain sensitive information from the internal asset using a debugger.

Relationships

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.	863	Incorrect Authorization

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1207	Debug and Test Problems

Modes Of Introduction

Phase	Note
Architecture and Design
Implementation

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Class: System on Chip (Undetermined Prevalence)

Common Consequences

Scope	Impact	Likelihood
Confidentiality	Technical Impact: Read Memory
Integrity	Technical Impact: Modify Memory
Authorization Access Control	Technical Impact: Gain Privileges or Assume Identity; Bypass Protection Mechanism

Demonstrative Examples

Example 1

The JTAG interface is used to perform debugging and provide CPU core access for developers. JTAG-access protection is implemented as part of the JTAG_SHIELD bit in the hw_digctl_ctrl register. This register has no default value at power up and is set only after the system boots from ROM and control is transferred to the user software.

(bad code)

Example Language: Other

1 bit	0x0 = JTAG debugger is enabled (default)
JTAG_SHIELD	0x1 = JTAG debugger is disabled

This means that since the end user has access to JTAG at system reset and during ROM code execution before control is transferred to user software, a JTAG user can modify the boot flow and subsequently disclose all CPU information, including data-encryption keys.

(informative)

The default value of this register bit should be set to 1 to prevent the JTAG from being enabled at system reset.

Example 2

The example code below is taken from the CVA6 processor core of the HACK@DAC'21 buggy OpenPiton SoC. Debug access allows users to access internal hardware registers that are otherwise not exposed for user access or restricted access through access control protocols. Hence, requests to enter debug mode are checked and authorized only if the processor has sufficient privileges. In addition, debug accesses are also locked behind password checkers. Thus, the processor enters debug mode only when the privilege level requirement is met, and the correct debug password is provided.

The following code [REF-1377] illustrates an instance of a vulnerable implementation of debug mode. The core correctly checks if the debug requests have sufficient privileges and enables the debug_mode_d and debug_mode_q signals. It also correctly checks for debug password and enables umode_i signal.

(bad code)

Example Language: Verilog

module csr_regfile #(
...

// check that we actually want to enter debug depending on the privilege level we are currently in
unique case (priv_lvl_o)

riscv::PRIV_LVL_M: begin

debug_mode_d = dcsr_q.ebreakm;

...

riscv::PRIV_LVL_U: begin

debug_mode_d = dcsr_q.ebreaku;

...

assign priv_lvl_o = (debug_mode_q || umode_i) ? riscv::PRIV_LVL_M : priv_lvl_q;

...

debug_mode_q <= debug_mode_d;

...

However, it grants debug access and changes the privilege level, priv_lvl_o, even when one of the two checks is satisfied and the other is not. Because of this, debug access can be granted by simply requesting with sufficient privileges (i.e., debug_mode_q is enabled) and failing the password check (i.e., umode_i is disabled). This allows an attacker to bypass the debug password checking and gain debug access to the core, compromising the security of the processor.

A fix to this issue is to only change the privilege level of the processor when both checks are satisfied, i.e., the request has enough privileges (i.e., debug_mode_q is enabled) and the password checking is successful (i.e., umode_i is enabled) [REF-1378].

(good code)

Example Language: Verilog

module csr_regfile #(
...

// check that we actually want to enter debug depending on the privilege level we are currently in
unique case (priv_lvl_o)

riscv::PRIV_LVL_M: begin

debug_mode_d = dcsr_q.ebreakm;

...

riscv::PRIV_LVL_U: begin

debug_mode_d = dcsr_q.ebreaku;

...

assign priv_lvl_o = (debug_mode_q && umode_i) ? riscv::PRIV_LVL_M : priv_lvl_q;

...

debug_mode_q <= debug_mode_d;

...

Observed Examples

Reference	Description
CVE-2019-18827	After ROM code execution, JTAG access is disabled. But before the ROM code is executed, JTAG access is possible, allowing a user full system access. This allows a user to modify the boot flow and successfully bypass the secure-boot process.

Potential Mitigations

Phases: Architecture and Design; Implementation

For security-sensitive assets accessible over debug/test interfaces, only allow trusted agents.

Effectiveness: High

Phase: Architecture and Design

Apply blinding [REF-1219] or masking techniques in strategic areas.

Effectiveness: Limited

Phase: Implementation

Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.

Effectiveness: Limited

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)

Detection Methods

Manual Analysis

Check 2 devices for their passcode to authenticate access to JTAG/debugging ports. If the passcodes are missing or the same, update the design to fix and retest. Check communications over JTAG/debugging ports for encryption. If the communications are not encrypted, fix the design and retest.

Effectiveness: Moderate

Memberships

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1396	Comprehensive Categorization: Access Control

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Notes

Relationship

CWE-1191 and CWE-1244 both involve physical debug access, but the weaknesses are different. CWE-1191 is effectively about missing authorization for a debug interface, i.e. JTAG. CWE-1244 is about providing internal assets with the wrong debug access level, exposing the asset to untrusted debug agents.

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-114	Authentication Abuse

References

[REF-1056] F-Secure Labs. "Multiple Vulnerabilities in Barco Clickshare: JTAG access is not permanently disabled". <https://labs.f-secure.com/advisories/multiple-vulnerabilities-in-barco-clickshare/>.

[REF-1057] Kurt Rosenfeld and Ramesh Karri. "Attacks and Defenses for JTAG". <https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5406671>.

[REF-1219] Monodeep Kar, Arvind Singh, Santosh Ghosh, Sanu Mathew, Anand Rajan, Vivek De, Raheem Beyah and Saibal Mukhopadhyay. "Blindsight: Blinding EM Side-Channel Leakage using Built-In Fully Integrated Inductive Voltage Regulator". 2018-02. <https://arxiv.org/pdf/1802.09096.pdf>. URL validated: 2023-04-07.

[REF-1377] "csr_regile.sv line 938". 2021. <https://github.com/HACK-EVENT/hackatdac19/blob/57e7b2109c1ea2451914878df2e6ca740c2dcf34/src/csr_regfile.sv#L938>. URL validated: 2023-12-13.

[REF-1378] "Fix for csr_regfile.sv line 938". 2021. <https://github.com/HACK-EVENT/hackatdac19/blob/a7b61209e56c48eec585eeedea8413997ec71e4a/src/csr_regfile.sv#L938C31-L938C56>. URL validated: 2023-12-13.

Content History

Submissions
Submission Date	Submitter	Organization
2020-02-12 (CWE 4.0, 2020-02-24)	Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi	Intel Corporation
2020-02-12 (CWE 4.0, 2020-02-24)
Contributions
Contribution Date	Contributor	Organization
2021-10-22	Hareesh Khattri	Intel Corporation
2021-10-22	clarified differences between CWE-1191 and CWE-1244, and suggested rephrasing of descriptions and names.
2023-11-07	Chen Chen, Rahul Kande, Jeyavijayan Rajendran	Texas A&M University
2023-11-07	suggested demonstrative example
2023-11-07	Shaza Zeitouni, Mohamadreza Rostami, Ahmad-Reza Sadeghi	Technical University of Darmstadt
2023-11-07	suggested demonstrative example
Modifications
Modification Date	Modifier	Organization
2020-08-20	CWE Content Team	MITRE
2020-08-20	updated Demonstrative_Examples, Name, Observed_Examples, Related_Attack_Patterns
2021-03-15	CWE Content Team	MITRE
2021-03-15	updated Maintenance_Notes
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Weakness_Ordinalities
2022-04-28	CWE Content Team	MITRE
2022-04-28	updated Related_Attack_Patterns
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated References, Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes
2024-02-29 (CWE 4.14, 2024-02-29)	CWE Content Team	MITRE
2024-02-29 (CWE 4.14, 2024-02-29)	updated Demonstrative_Examples, References
Previous Entry Names
Change Date	Previous Entry Name
2020-08-20	Improper Authorization on Physical Debug and Test Interfaces

2021-10-28	Improper Access to Sensitive Information Using Debug and Test Interfaces

CWE-1191: On-Chip Debug and Test Interface With Improper Access Control

Weakness ID: 1191

View customized information:

Description

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

Extended Description

A device's internal information may be accessed through a scan chain of interconnected internal registers, usually through a JTAG interface. The JTAG interface provides access to these registers in a serial fashion in the form of a scan chain for the purposes of debugging programs running on a device. Since almost all information contained within a device may be accessed over this interface, device manufacturers typically insert some form of authentication and authorization to prevent unintended use of this sensitive information. This mechanism is implemented in addition to on-chip protections that are already present.

If authorization, authentication, or some other form of access control is not implemented or not implemented correctly, a user may be able to bypass on-chip protection mechanisms through the debug interface.

Sometimes, designers choose not to expose the debug pins on the motherboard. Instead, they choose to hide these pins in the intermediate layers of the board. This is primarily done to work around the lack of debug authorization inside the chip. In such a scenario (without debug authorization), when the debug interface is exposed, chip internals are accessible to an attacker.

Relationships

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.	284	Improper Access Control
PeerOf	Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.	1263	Improper Physical Access Control

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1207	Debug and Test Problems
PeerOf	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	1299	Missing Protection Mechanism for Alternate Hardware Interface

Modes Of Introduction

Phase	Note
Architecture and Design
Implementation

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Class: Not Technology-Specific (Undetermined Prevalence)

Common Consequences

Scope	Impact	Likelihood
Confidentiality	Technical Impact: Read Application Data	High
Confidentiality	Technical Impact: Read Memory	High
Authorization	Technical Impact: Execute Unauthorized Code or Commands	High
Integrity	Technical Impact: Modify Memory	High
Integrity	Technical Impact: Modify Application Data	High
Access Control	Technical Impact: Bypass Protection Mechanism	High

Demonstrative Examples

Example 1

A home, WiFi-router device implements a login prompt which prevents an unauthorized user from issuing any commands on the device until appropriate credentials are provided. The credentials are protected on the device and are checked for strength against attack.

(bad code)

Example Language: Other

If the JTAG interface on this device is not hidden by the manufacturer, the interface may be identified using tools such as JTAGulator. If it is hidden but not disabled, it can be exposed by physically wiring to the board.

By issuing a "halt" command before the OS starts, the unauthorized user pauses the watchdog timer and prevents the router from restarting (once the watchdog timer would have expired). Having paused the router, an unauthorized user is able to execute code and inspect and modify data in the device, even extracting all of the router's firmware. This allows the user to examine the router and potentially exploit it.

JTAG is useful to chip and device manufacturers during design, testing, and production and is included in nearly every product. Without proper authentication and authorization, the interface may allow tampering with a product.

(good code)

Example Language: Other

In order to prevent exposing the debugging interface, manufacturers might try to obfuscate the JTAG interface or blow device internal fuses to disable the JTAG interface. Adding authentication and authorization to this interface makes use by unauthorized individuals much more difficult.

Example 2

The following example code is a snippet from the JTAG wrapper module in the RISC-V debug module of the HACK@DAC'21 Openpiton SoC [REF-1355]. To make sure that the JTAG is accessed securely, the developers have included a primary authentication mechanism based on a password.

The developers employed a Finite State Machine (FSM) to implement this authentication. When a user intends to read from or write to the JTAG module, they must input a password.

In the subsequent state of the FSM module, the entered password undergoes Hash-based Message Authentication Code (HMAC) calculation using an internal HMAC submodule. Once the HMAC for the entered password is computed by the HMAC submodule, the FSM transitions to the next state, where it compares the computed HMAC with the expected HMAC for the password.

If the computed HMAC matches the expected HMAC, the FSM grants the user permission to perform read or write operations on the JTAG module. [REF-1352]

(bad code)

Example Language: Verilog

...

PassChkValid: begin

if(hashValid) begin

if(exp_hash == pass_hash) begin

pass_check = 1'b1;

end else begin

pass_check = 1'b0;

end
state_d = Idle;

end else begin

state_d = PassChkValid;

end

...

However, in the given vulnerable part of the code, the JTAG module has not defined a limitation for several continuous wrong password attempts. This omission poses a significant security risk, allowing attackers to carry out brute-force attacks without restrictions.

Without a limitation on wrong password attempts, an attacker can repeatedly guess different passwords until they gain unauthorized access to the JTAG module. This leads to various malicious activities, such as unauthorized read from or write to debug module interface.

To mitigate the mentioned vulnerability, developers need to implement a restriction on the number of consecutive incorrect password attempts allowed by the JTAG module, which can achieve by incorporating a mechanism that temporarily locks the module after a certain number of failed attempts.[REF-1353][REF-1354]

(good code)

Example Language: Verilog

...
case (state_q)

Idle: begin
...

else if ( (dm::dtm_op_e'(dmi.op) == dm::DTM_PASS) && (miss_pass_check_cnt_q != 2'b11) )
begin

state_d = Write;
pass_mode = 1'b1;

end

...
end
...

PassChkValid: begin

if(hashValid) begin

if(exp_hash == pass_hash) begin

pass_check = 1'b1;

end else begin

pass_check = 1'b0;
miss_pass_check_cnt_d = miss_pass_check_cnt_q + 1

end
state_d = Idle;

end else begin

state_d = PassChkValid;

end

...

Example 3

The example code below is taken from the JTAG access control mechanism of the HACK@DAC'21 buggy OpenPiton SoC [REF-1364]. Access to JTAG allows users to access sensitive information in the system. Hence, access to JTAG is controlled using cryptographic authentication of the users. In this example (see the vulnerable code source), the password checker uses HMAC-SHA256 for authentication. It takes a 512-bit secret message from the user, hashes it using HMAC, and compares its output with the expected output to determine the authenticity of the user.

(bad code)

Example Language: Verilog

...
logic [31-1:0] data_d, data_q;
...
logic [512-1:0] pass_data;
...

Write: begin

...

if (pass_mode) begin

pass_data = { {60{8'h00}}, data_d};
state_d = PassChk;
pass_mode = 1'b0;

...

end

...

The vulnerable code shows an incorrect implementation of the HMAC authentication where it only uses the least significant 32 bits of the secret message for the authentication (the remaining 480 bits are hard coded as zeros). As a result, the system is susceptible to brute-force attacks on the access control mechanism of JTAG, where the attacker only needs to determine 32 bits of the secret message instead of 512 bits.

To mitigate this issue, remove the zero padding and use all 512 bits of the secret message for HMAC authentication [REF-1365].

(good code)

Example Language: Verilog

...
logic [512-1:0] data_d, data_q;
...
logic [512-1:0] pass_data;
...

Write: begin

...

if (pass_mode) begin

pass_data = data_d;
state_d = PassChk;
pass_mode = 1'b0;

...

end

...

Observed Examples

Reference	Description
CVE-2019-18827	chain: JTAG interface is not disabled (CWE-1191) during ROM code execution, introducing a race condition (CWE-362) to extract encryption keys

Potential Mitigations

Phase: Architecture and Design

Strategy: Separation of Privilege

If feasible, the manufacturer should disable the JTAG interface or implement authentication and authorization for the JTAG interface. If authentication logic is added, it should be resistant to timing attacks. Security-sensitive data stored in registers, such as keys, etc. should be cleared when entering debug mode.

Effectiveness: High

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)

Detection Methods

Dynamic Analysis with Manual Results Interpretation

Authentication and authorization of debug and test interfaces should be part of the architecture and design review process. Withholding of private register documentation from the debug and test interface public specification ("Security by obscurity") should not be considered as sufficient security.

Dynamic Analysis with Manual Results Interpretation

Dynamic tests should be done in the pre-silicon and post-silicon stages to verify that the debug and test interfaces are not open by default.

Fuzzing

Tests that fuzz Debug and Test Interfaces should ensure that no access without appropriate authentication and authorization is possible.

Effectiveness: Moderate

Memberships

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1396	Comprehensive Categorization: Access Control

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Notes

Relationship

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-1	Accessing Functionality Not Properly Constrained by ACLs
CAPEC-180	Exploiting Incorrectly Configured Access Control Security Levels

References

[REF-1037] Kurt Rosenfeld and Ramesh Karri. "Attacks and Defenses for JTAG". 2010-02. <https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5406671>.

[REF-1043] Gopal Vishwakarma and Wonjun Lee. "Exploiting JTAG and Its Mitigation in IOT: A Survey". 2018-12-03. <https://www.mdpi.com/1999-5903/10/12/121/pdf>. URL validated: 2023-04-07.

[REF-1084] Gopal Vishwakarma and Wonjun Lee. "JTAG Explained (finally!): Why "IoT", Software Security Engineers, and Manufacturers Should Care". <https://www.mdpi.com/1999-5903/10/12/121/pdf>. URL validated: 2023-04-07.

[REF-1085] Bob Molyneaux, Mark McDermott and Anil Sabbavarapu. "Design for Testability & Design for Debug". <http://users.ece.utexas.edu/~mcdermot/vlsi-2/Lecture_17.pdf>.

[REF-1355] Florian Zaruba. "dmi_jtag.sv". 2021. <https://github.com/HACK-EVENT/hackatdac21/blob/71103971e8204de6a61afc17d3653292517d32bf/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L192:L204>. URL validated: 2023-09-18.

[REF-1354] Florian Zaruba. "Fix CWE-1191 in dmi_jtag.sv". 2021. <https://github.com/HACK-EVENT/hackatdac21/blob/58f984d492fdb0369c82ef10fcbbaa4b9850f9fb/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L200>. URL validated: 2023-09-18.

[REF-1353] Florian Zaruba. "Fix CWE-1191 in dmi_jtag.sv". 2021. <https://github.com/HACK-EVENT/hackatdac21/blob/58f984d492fdb0369c82ef10fcbbaa4b9850f9fb/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L131>. URL validated: 2023-09-18.

[REF-1352] Florian Zaruba. "dmi_jtag.sv". 2021. <https://github.com/HACK-EVENT/hackatdac21/blob/71103971e8204de6a61afc17d3653292517d32bf/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L118:L204>. URL validated: 2023-09-18.

[REF-1364] "dmi_jtag.sv". 2021. <https://github.com/HACK-EVENT/hackatdac21/blob/71103971e8204de6a61afc17d3653292517d32bf/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L82>. URL validated: 2023-07-15.

[REF-1365] "fix cwe_1205 in dmi_jtag.sv". 2021. <https://github.com/HACK-EVENT/hackatdac21/blob/c4f4b832218b50c406dbf9f425d3b654117c1355/piton/design/chip/tile/ariane/src/riscv-dbg/src/dmi_jtag.sv#L158>. URL validated: 2023-07-22.

Content History

Submissions
Submission Date	Submitter	Organization
2019-10-15 (CWE 4.0, 2020-02-24)	Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi	Intel Corporation
2019-10-15 (CWE 4.0, 2020-02-24)
Contributions
Contribution Date	Contributor	Organization
2021-10-18	Parbati K. Manna	Intel Corporation
2021-10-18	provided detection methods
2021-10-20	Narasimha Kumar V Mangipudi	Lattice Semiconductor
2021-10-20	reviewed content changes
2021-10-22	Hareesh Khattri	Intel Corporation
2021-10-22	clarified differences between CWE-1191 and CWE-1244
2021-10-27	Arun Kanuparthi	Intel Corporation
2021-10-27	suggested additional detail in extended description
2023-06-21	Shaza Zeitouni, Mohamadreza Rostami, Pouya Mahmoody, Ahmad-Reza Sadeghi	Technical University of Darmstadt
2023-06-21	suggested demonstrative example
2023-06-21	Rahul Kande, Chen Chen, Jeyavijayan Rajendran	Texas A&M University
2023-06-21	suggested demonstrative example
Modifications
Modification Date	Modifier	Organization
2020-06-25	CWE Content Team	MITRE
2020-06-25	updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, References, Relationships
2020-08-20	CWE Content Team	MITRE
2020-08-20	updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships
2021-03-15	CWE Content Team	MITRE
2021-03-15	updated Maintenance_Notes
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Potential_Mitigations, Relationship_Notes, Relationships, Weakness_Ordinalities
2022-04-28	CWE Content Team	MITRE
2022-04-28	updated Related_Attack_Patterns
2022-10-13	CWE Content Team	MITRE
2022-10-13	updated Description, Related_Attack_Patterns
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated References, Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes
2023-10-26	CWE Content Team	MITRE
2023-10-26	updated Demonstrative_Examples, References
Previous Entry Names
Change Date	Previous Entry Name
2020-02-26	Exposed Chip Debug Interface With Insufficient Access Control

2020-08-20	Exposed Chip Debug and or Test Interface With Insufficient Access Control

2021-10-28	Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization

CWE-1233: Security-Sensitive Hardware Controls with Missing Lock Bit Protection

Weakness ID: 1233

View customized information:

Description

The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.

Extended Description

Integrated circuits and hardware intellectual properties (IPs) might provide device configuration controls that need to be programmed after device power reset by a trusted firmware or software module, commonly set by BIOS/bootloader. After reset, there can be an expectation that the controls cannot be used to perform any further modification. This behavior is commonly implemented using a trusted lock bit, which can be set to disable writes to a protected set of registers or address regions. The lock protection is intended to prevent modification of certain system configuration (e.g., memory/memory protection unit configuration).

However, if the lock bit does not effectively write-protect all system registers or controls that could modify the protected system configuration, then an adversary may be able to use software to access the registers/controls and modify the protected hardware configuration.

Relationships

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.	667	Improper Locking
ChildOf	Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.	284	Improper Access Control

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1199	General Circuit and Logic Design Concerns

Modes Of Introduction

Phase	Note
Architecture and Design	Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases.
Implementation	Such issues could be introduced during implementation and identified later during Testing or System Configuration phases.

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Class: Not Technology-Specific (Undetermined Prevalence)

Common Consequences

Scope	Impact	Likelihood
Access Control	Technical Impact: Modify Memory System Configuration protected by the lock bit can be modified even when the lock is set.

Demonstrative Examples

Example 1

(bad code)

Example Language: Other

Register	Field description
CRITICAL_TEMP_LIMIT	[31:8] Reserved field; Read only; Default 0 [7:0] Critical temp 0-255 Centigrade; Read-write-lock; Default 125
TEMP_SENSOR_CALIB	[31:0] Thermal sensor calibration data. A slope value used to map sensor reading to a degree Centigrade. Read-write; Default 25
TEMP_SENSOR_LOCK	[31:1] Reserved field; Read only; Default 0 [0] Lock bit, locks CRITICAL_TEMP_LIMIT register; Write-1-once; Default 0
TEMP_HW_SHUTDOWN	[31:2] Reserved field; Read only; Default 0 [1] Enable hardware shutdown on a critical temperature detection; Read-write; Default 0
CURRENT_TEMP	[31:8] Reserved field; Read only; Default 0 [7:0] Current Temp 0-255 Centigrade; Read-only; Default 0

In this example note that only the CRITICAL_TEMP_LIMIT register is protected by the TEMP_SENSOR_LOCK bit, while the security design intent is to protect any modification of the critical temperature detection and response.

The response of the system, if the system heats to a critical temperature, is controlled by TEMP_HW_SHUTDOWN bit [1], which is not lockable. Also, the TEMP_SENSOR_CALIB register is not protected by the lock bit.

By modifying the temperature sensor calibration, the conversion of the sensor data to a degree centigrade can be changed, such that the current temperature will never be detected to exceed critical temperature value programmed by the protected lock.

Similarly, by modifying the TEMP_HW_SHUTDOWN.Enable bit, the system response detection of the current temperature exceeding critical temperature can be disabled.

(good code)

Change TEMP_HW_SHUTDOWN and TEMP_SENSOR_CALIB controls to be locked by TEMP_SENSOR_LOCK.

TEMP_SENSOR_CALIB	[31:0] Thermal sensor calibration data. A slope value used to map sensor reading to a degree Centigrade. Read-write-Lock; Default 25; Locked by TEMP_SENSOR_LOCK bit[0]
TEMP_HW_SHUTDOWN	[31:2] Reserved field; Read only; Default 0 [1] Enable hardware shutdown on critical temperature detection; Read-write-Lock; Default 0; Locked by TEMP_SENSOR_LOCK bit[0]

Observed Examples

Reference	Description
CVE-2018-9085	Certain servers leave a write protection lock bit unset after boot, potentially allowing modification of parts of flash memory.
CVE-2014-8273	Chain: chipset has a race condition (CWE-362) between when an interrupt handler detects an attempt to write-enable the BIOS (in violation of the lock bit), and when the handler resets the write-enable bit back to 0, allowing attackers to issue BIOS writes during the timing window [REF-1237].

Potential Mitigations

Phases: Architecture and Design; Implementation; Testing

Security lock bit protections must be reviewed for design inconsistency and common weaknesses.

Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing.

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)

Detection Methods

Manual Analysis

Set the lock bit. Attempt to modify the information protected by the lock bit. If the information is changed, implement a design fix. Retest. Also, attempt to indirectly clear the lock bit or bypass it.

Effectiveness: High

Memberships

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1372	ICS Supply Chain: OT Counterfeit and Malicious Corruption
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1396	Comprehensive Categorization: Access Control

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-176	Configuration/Environment Manipulation
CAPEC-680	Exploitation of Improperly Controlled Registers

References

[REF-1237] CERT Coordination Center. "Intel BIOS locking mechanism contains race condition that enables write protection bypass". 2015-01-05. <https://www.kb.cert.org/vuls/id/766164/>.

Content History

Submissions
Submission Date	Submitter	Organization
2020-01-15 (CWE 4.0, 2020-02-24)	Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi	Intel Corporation
2020-01-15 (CWE 4.0, 2020-02-24)
Contributions
Contribution Date	Contributor	Organization
2021-10-20	Narasimha Kumar V Mangipudi	Lattice Semiconductor
2021-10-20	reviewed content changes
Modifications
Modification Date	Modifier	Organization
2020-08-20	CWE Content Team	MITRE
2020-08-20	updated Related_Attack_Patterns
2021-03-15	CWE Content Team	MITRE
2021-03-15	updated Maintenance_Notes
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Weakness_Ordinalities
2022-04-28	CWE Content Team	MITRE
2022-04-28	updated Related_Attack_Patterns, Relationships
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes
Previous Entry Names
Change Date	Previous Entry Name
2021-10-28	Improper Hardware Lock Protection for Security Sensitive Controls

CWE-1272: Sensitive Information Uncleared Before Debug/Power State Transition

Weakness ID: 1272

View customized information:

Description

The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.

Extended Description

A device or system frequently employs many power and sleep states during its normal operation (e.g., normal power, additional power, low power, hibernate, deep sleep, etc.). A device also may be operating within a debug condition. State transitions can happen from one power or debug state to another. If there is information available in the previous state which should not be available in the next state and is not properly removed before the transition into the next state, sensitive information may leak from the system.

Relationships

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.	226	Sensitive Information in Resource Not Removed Before Reuse
CanPrecede	Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.	200	Exposure of Sensitive Information to an Unauthorized Actor

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1207	Debug and Test Problems

Modes Of Introduction

Phase	Note
Architecture and Design

Applicable Platforms

Languages

VHDL (Undetermined Prevalence)

Verilog (Undetermined Prevalence)

Class: Hardware Description Language (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Class: Not Technology-Specific (Undetermined Prevalence)

Common Consequences

Scope	Impact	Likelihood
Confidentiality Integrity Availability Access Control Accountability Authentication Authorization Non-Repudiation	Technical Impact: Read Memory; Read Application Data Sensitive information may be used to unlock additional capabilities of the device and take advantage of hidden functionalities which could be used to compromise device security.	High

Demonstrative Examples

Example 1

This example shows how an attacker can take advantage of an incorrect state transition.

Suppose a device is transitioning from state A to state B. During state A, it can read certain private keys from the hidden fuses that are only accessible in state A but not in state B. The device reads the keys, performs operations using those keys, then transitions to state B, where those private keys should no longer be accessible.

(bad code)

During the transition from A to B, the device does not scrub the memory.

After the transition to state B, even though the private keys are no longer accessible directly from the fuses in state B, they can be accessed indirectly by reading the memory that contains the private keys.

(good code)

For transition from state A to state B, remove information which should not be available once the transition is complete.

Observed Examples

Reference	Description
CVE-2020-12926	Product software does not set a flag as per TPM specifications, thereby preventing a failed authorization attempt from being recorded after a loss of power.

Potential Mitigations

Phases: Architecture and Design; Implementation

During state transitions, information not needed in the next state should be removed before the transition to the next state.

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)

Detection Methods

Manual Analysis

Write a known pattern into each sensitive location. Enter the power/debug state in question. Read data back from the sensitive locations. If the reads are successful, and the data is the same as the pattern that was originally written, the test fails and the device needs to be fixed. Note that this test can likely be automated.

Effectiveness: High

Functional Areas

Power

Memberships

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1416	Comprehensive Categorization: Resource Lifecycle Management

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-150	Collect Data from Common Resource Locations
CAPEC-37	Retrieve Embedded Sensitive Data
CAPEC-545	Pull Data from System Resources
CAPEC-546	Incomplete Data Deletion in a Multi-Tenant Environment

References

[REF-1220] Zhenyu Ning and Fengwei Zhang. "Understanding the Security of ARM Debugging Features". 2019 IEEE Symposium on Security and Privacy (SP). 2019-05-22. <https://www.computer.org/csdl/proceedings-article/sp/2019/666000b156/19skgcwSgsE>. URL validated: 2023-04-07.

Content History

Submissions
Submission Date	Submitter	Organization
2020-05-31 (CWE 4.1, 2020-02-24)	Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi	Intel Corporation
2020-05-31 (CWE 4.1, 2020-02-24)
Modifications
Modification Date	Modifier	Organization
2020-08-20	CWE Content Team	MITRE
2020-08-20	updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships
2021-03-15	CWE Content Team	MITRE
2021-03-15	updated Functional_Areas
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Observed_Examples, Potential_Mitigations, References, Relationships, Weakness_Ordinalities
2022-10-13	CWE Content Team	MITRE
2022-10-13	updated Applicable_Platforms
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes
Previous Entry Names
Change Date	Previous Entry Name
2020-08-20	Debug/Power State Transitions Leak Information

CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

Weakness ID: 1240

View customized information:

Description

To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.

Extended Description

Cryptographic protocols and systems depend on cryptographic primitives (and associated algorithms) as their basic building blocks. Some common examples of primitives are digital signatures, one-way hash functions, ciphers, and public key cryptography; however, the notion of "primitive" can vary depending on point of view. See "Terminology Notes" for further explanation of some concepts.

Cryptographic primitives are defined to accomplish one very specific task in a precisely defined and mathematically reliable fashion. For example, suppose that for a specific cryptographic primitive (such as an encryption routine), the consensus is that the primitive can only be broken after trying out N different inputs (where the larger the value of N, the stronger the cryptography). For an encryption scheme like AES-256, one would expect N to be so large as to be infeasible to execute in a reasonable amount of time.

If a vulnerability is ever found that shows that one can break a cryptographic primitive in significantly less than the expected number of attempts, then that primitive is considered weakened (or sometimes in extreme cases, colloquially it is "broken"). As a result, anything using this cryptographic primitive would now be considered insecure or risky. Thus, even breaking or weakening a seemingly small cryptographic primitive has the potential to render the whole system vulnerable, due to its reliance on the primitive. A historical example can be found in TLS when using DES. One would colloquially call DES the cryptographic primitive for transport encryption in this version of TLS. In the past, DES was considered strong, because no weaknesses were found in it; importantly, DES has a key length of 56 bits. Trying N=2^56 keys was considered impractical for most actors. Unfortunately, attacking a system with 56-bit keys is now practical via brute force, which makes defeating DES encryption practical. It is now practical for an adversary to read any information sent under this version of TLS and use this information to attack the system. As a result, it can be claimed that this use of TLS is weak, and that any system depending on TLS with DES could potentially render the entire system vulnerable to attack.

Cryptographic primitives and associated algorithms are only considered safe after extensive research and review from experienced cryptographers from academia, industry, and government entities looking for any possible flaws. Furthermore, cryptographic primitives and associated algorithms are frequently reevaluated for safety when new mathematical and attack techniques are discovered. As a result and over time, even well-known cryptographic primitives can lose their compliance status with the discovery of novel attacks that might either defeat the algorithm or reduce its robustness significantly.

If ad-hoc cryptographic primitives are implemented, it is almost certain that the implementation will be vulnerable to attacks that are well understood by cryptographers, resulting in the exposure of sensitive information and other consequences.

This weakness is even more difficult to manage for hardware-implemented deployment of cryptographic algorithms. First, because hardware is not patchable as easily as software, any flaw discovered after release and production typically cannot be fixed without a recall of the product. Secondly, the hardware product is often expected to work for years, during which time computation power available to the attacker only increases. Therefore, for hardware implementations of cryptographic primitives, it is absolutely essential that only strong, proven cryptographic primitives are used.

Relationships

Relevant to the view "Research Concepts" (CWE-1000)

Nature	Type	ID	Name
ChildOf	Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.	327	Use of a Broken or Risky Cryptographic Algorithm

Relevant to the view "Software Development" (CWE-699)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	310	Cryptographic Issues

Relevant to the view "Hardware Design" (CWE-1194)

Nature	Type	ID	Name
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1205	Security Primitives and Cryptography Issues

Modes Of Introduction

Phase	Note
Architecture and Design	This weakness is primarily introduced during the architecture and design phase as risky primitives are included.
Implementation	Even in cases where the Architectural phase properly specifies a cryptographically secure design, the design may be changed during implementation due to unforeseen constraints.

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Class: System on Chip (Undetermined Prevalence)

Common Consequences

Scope	Impact	Likelihood
Confidentiality	Technical Impact: Read Application Data Incorrect usage of crypto primitives could render the supposedly encrypted data as unencrypted plaintext in the worst case.	High

Demonstrative Examples

Example 1

Re-using random values may compromise security.

(bad code)

Suppose an Encryption algorithm needs a random value for a key. Instead of using a DRNG (Deterministic Random Number Generator), the designer uses a linear-feedback shift register (LFSR) to generate the value.

While an LFSR may provide pseudo-random number generation service, the entropy (measure of randomness) of the resulting output may be less than that of an accepted DRNG (like that used in dev/urandom). Thus, using an LFSR weakens the strength of the cryptographic system, because it may be possible for an attacker to guess the LFSR output and subsequently the encryption key.

(good code)

If a cryptographic algorithm expects a random number as its input, provide one. Do not provide a pseudo-random value.

Observed Examples

Reference	Description
CVE-2020-4778	software uses MD5, which is less safe than the default SHA-256 used by related products
CVE-2005-2946	Default configuration of product uses MD5 instead of stronger algorithms that are available, simplifying forgery of certificates.
CVE-2019-3907	identity card uses MD5 hash of a salt and password
CVE-2021-34687	personal key is transmitted over the network using a substitution cipher
CVE-2020-14254	product does not disable TLS-RSA cipher suites, allowing decryption of traffic if TLS 2.0 and secure ciphers are not enabled.
CVE-2019-1543	SSL/TLS library generates 16-byte nonces but reduces them to 12 byte nonces for the ChaCha20-Poly1305 cipher, converting them in a way that violates the cipher's requirements for unique nonces.
CVE-2017-9267	LDAP interface allows use of weak ciphers
CVE-2017-7971	SCADA product allows "use of outdated cipher suites"
CVE-2020-6616	Chip implementing Bluetooth uses a low-entropy PRNG instead of a hardware RNG, allowing spoofing.
CVE-2019-1715	security product has insufficient entropy in the DRBG, allowing collisions and private key discovery
CVE-2014-4192	Dual_EC_DRBG implementation in RSA toolkit does not correctly handle certain byte requests, simplifying plaintext recovery
CVE-2007-6755	Recommendation for Dual_EC_DRBG algorithm contains point Q constants that could simplify decryption

Potential Mitigations

Phase: Requirements

Require compliance with the strongest-available recommendations from trusted parties, and require that compliance must be kept up-to-date, since recommendations evolve over time. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-1226].

Effectiveness: High

Phase: Architecture and Design

Ensure that the architecture/design uses the strongest-available primitives and algorithms from trusted parties. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-1226].

Effectiveness: High

Phase: Architecture and Design

Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. As with all cryptographic mechanisms, the source code should be available for analysis. If the algorithm may be compromised when attackers find out how it works, then it is especially weak.

Effectiveness: Discouraged Common Practice

Phase: Architecture and Design

Try not to use cryptographic algorithms in novel ways or with new modes of operation even when you "know" it is secure. For example, using SHA-2 chaining to create a 1-time pad for encryption might sound like a good idea, but one should not do this.

Effectiveness: Discouraged Common Practice

Phase: Architecture and Design

Ensure that the design can replace one cryptographic primitive or algorithm with another in the next generation ("cryptographic agility"). Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. This is especially important for hardware, which can be more difficult to upgrade quickly than software; design the hardware at a replaceable block level.

Effectiveness: Defense in Depth

Phase: Architecture and Design

Do not use outdated or non-compliant cryptography algorithms. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong [REF-267].

Effectiveness: Discouraged Common Practice

Phases: Architecture and Design; Implementation

Do not use a linear-feedback shift register (LFSR) or other legacy methods as a substitute for an accepted and standard Random Number Generator.

Effectiveness: Discouraged Common Practice

Phases: Architecture and Design; Implementation

Do not use a checksum as a substitute for a cryptographically generated hash.

Effectiveness: Discouraged Common Practice

Phase: Architecture and Design

Strategy: Libraries or Frameworks

Use a vetted cryptographic library or framework. Industry-standard implementations will save development time and are more likely to avoid errors that can occur during implementation of cryptographic algorithms. However, the library/framework could be used incorrectly during implementation.

Effectiveness: High

Phases: Architecture and Design; Implementation

When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for the prevention of common attacks.

Effectiveness: Moderate

Phases: Architecture and Design; Implementation

Do not store keys in areas accessible to untrusted agents. Carefully manage and protect the cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography algorithm is irrelevant.

Effectiveness: Moderate

Weakness Ordinalities

Ordinality	Description
Primary	(where the weakness exists independent of other weaknesses)

Detection Methods

Architecture or Design Review

Review requirements, documentation, and product design to ensure that primitives are consistent with the strongest-available recommendations from trusted parties. If the product appears to be using custom or proprietary implementations that have not had sufficient public review and approval, then this is a significant concern.

Effectiveness: High

Manual Analysis

Analyze the product to ensure that implementations for each primitive do not contain any known vulnerabilities and are not using any known-weak algorithms, including MD4, MD5, SHA1, DES, etc.

Effectiveness: Moderate

Dynamic Analysis with Manual Results Interpretation

For hardware, during the implementation (pre-Silicon / post-Silicon) phase, dynamic tests should be done to ensure that outputs from cryptographic routines are indeed working properly, such as test vectors provided by NIST [REF-1236].

Effectiveness: Moderate

Dynamic Analysis with Manual Results Interpretation

It needs to be determined if the output of a cryptographic primitive is lacking entropy, which is one clear sign that something went wrong with the crypto implementation. There exist many methods of measuring the entropy of a bytestream, from sophisticated ones (like calculating Shannon's entropy of a sequence of characters) to crude ones (by compressing it and comparing the size of the original bytestream vs. the compressed - a truly random byte stream should not be compressible and hence the uncompressed and compressed bytestreams should be nearly identical in size).

Effectiveness: Moderate

Memberships

Nature	Type	ID	Name
MemberOf	View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).	1343	Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOf	Category - a CWE entry that contains a set of other entries that share a common characteristic.	1402	Comprehensive Categorization: Encryption

Vulnerability Mapping Notes

Usage: ALLOWED

(this CWE ID could be used to map to real-world vulnerabilities)

Reason: Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Notes

Terminology

Terminology for cryptography varies widely, from informal and colloquial to mathematically-defined, with different precision and formalism depending on whether the stakeholder is a developer, cryptologist, etc. Yet there is a need for CWE to be self-consistent while remaining understandable and acceptable to multiple audiences.

As of CWE 4.6, CWE terminology around "primitives" and "algorithms" is emerging as shown by the following example, subject to future consultation and agreement within the CWE and cryptography communities. Suppose one wishes to send encrypted data using a CLI tool such as OpenSSL. One might choose to use AES with a 256-bit key and require tamper protection (GCM mode, for instance). For compatibility's sake, one might also choose the ciphertext to be formatted to the PKCS#5 standard. In this case, the "cryptographic system" would be AES-256-GCM with PKCS#5 formatting. The "cryptographic function" would be AES-256 in the GCM mode of operation, and the "algorithm" would be AES. Colloquially, one would say that AES (and sometimes AES-256) is the "cryptographic primitive," because it is the algorithm that realizes the concept of symmetric encryption (without modes of operation or other protocol related modifications). In practice, developers and architects typically refer to base cryptographic algorithms (AES, SHA, etc.) as cryptographic primitives.

Maintenance

Since CWE 4.4, various cryptography-related entries, including CWE-327 and CWE-1240, have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-97	Cryptanalysis

References

[REF-267] Information Technology Laboratory, National Institute of Standards and Technology. "SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES". 2001-05-25. <https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402.pdf>. URL validated: 2023-04-07.

[REF-1227] Wikipedia. "Cryptographic primitive". <https://en.wikipedia.org/wiki/Cryptographic_primitive>.

[REF-1226] Information Technology Laboratory, National Institute of Standards and Technology. "FIPS PUB 140-2: SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES". 2001-05-25. <https://csrc.nist.gov/publications/detail/fips/140/2/final>.

[REF-1192] Information Technology Laboratory, National Institute of Standards and Technology. "FIPS PUB 140-3: SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES". 2019-03-22. <https://csrc.nist.gov/publications/detail/fips/140/3/final>.

[REF-1236] NIST. "CAVP Testing: Individual Component Testing". Test Vectors. <https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/component-testing>.

Content History

Submissions
Submission Date	Submitter	Organization
2020-02-10 (CWE 4.0, 2020-02-24)	Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi	Intel Corporation
2020-02-10 (CWE 4.0, 2020-02-24)
Contributions
Contribution Date	Contributor	Organization
2021-10-18	Parbati K. Manna	Intel Corporation
2021-10-18	provided detection methods and observed examples
Modifications
Modification Date	Modifier	Organization
2020-08-20	CWE Content Team	MITRE
2020-08-20	updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns, Research_Gaps
2021-07-20	CWE Content Team	MITRE
2021-07-20	updated Maintenance_Notes, Research_Gaps
2021-10-28	CWE Content Team	MITRE
2021-10-28	updated Background_Details, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Terminology_Notes, Weakness_Ordinalities
2023-04-27	CWE Content Team	MITRE
2023-04-27	updated References, Relationships
2023-06-29	CWE Content Team	MITRE
2023-06-29	updated Mapping_Notes
Previous Entry Names
Change Date	Previous Entry Name
2021-10-28	Use of a Risky Cryptographic Primitive

Common Weakness Enumeration

CWE VIEW: Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List

View Components

CWE-1277: Firmware Not Updateable

Edit Custom Filter

CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code

Edit Custom Filter

CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges

Edit Custom Filter

CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

Edit Custom Filter

CWE-1231: Improper Prevention of Lock Bit Modification

Edit Custom Filter

CWE-1300: Improper Protection of Physical Side Channels

Edit Custom Filter

CWE-1256: Improper Restriction of Software Interfaces to Hardware Features

Edit Custom Filter

CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State

Edit Custom Filter

CWE-1191: On-Chip Debug and Test Interface With Improper Access Control

Edit Custom Filter

CWE-1233: Security-Sensitive Hardware Controls with Missing Lock Bit Protection

Edit Custom Filter

CWE-1272: Sensitive Information Uncleared Before Debug/Power State Transition

Edit Custom Filter

CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

Edit Custom Filter