In hardware designs, different IP blocks are connected through interconnect-bus fabrics (e.g. AHB and OCP). Within a System on Chip (SoC), the IP block subsystems could be using different bus protocols. In such a case, the IP blocks are then linked to the central bus (and to other IP blocks) through a fabric bridge. Bridges are used as bus-interconnect-routing modules that link different protocols or separate, different segments of the overall SoC interconnect.
For overall system security, it is important that the access-control privileges associated with any fabric transaction are consistently maintained and applied, even when they are routed or translated by a fabric bridge. A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master and results in a weakness in SoC access-control security. The same weakness occurs if a bridge does not check the hardware identity of the transaction received from the slave interface of the bridge.
Scope | Impact | Likelihood |
---|---|---|
Confidentiality Integrity Access Control Availability | DoS: Crash, Exit, or Restart, Bypass Protection Mechanism, Read Memory, Modify Memory | Medium |
Reference | Description |
---|---|
Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138]. |
CAPEC-ID | Attack Pattern Name |
---|---|
CAPEC-122 | Privilege Abuse An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. |
Name | Organization | Date | Date Release | Version |
---|---|---|---|---|
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna | Intel Corporation | 4.3 |
Name | Organization | Date | Comment |
---|---|---|---|
CWE Content Team | MITRE | updated Observed_Examples | |
CWE Content Team | MITRE | updated Applicable_Platforms | |
CWE Content Team | MITRE | updated Applicable_Platforms | |
CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations | |
CWE Content Team | MITRE | updated Relationships | |
CWE Content Team | MITRE | updated Mapping_Notes | |
CWE Content Team | MITRE | updated Demonstrative_Examples, References |