CWE-1037

Nombre

Processor Optimization Removal or Modification of Security-critical Code

Probabilidad

Bajo

Estado

Incomplete

Publicado

2018-03-29
00h00 +00:00

Modificado

2023-06-29
00h00 +00:00

Enlaces oficiales

CWE Mitre.org

Notificaciones para un CWE

Manténgase informado sobre cualquier cambio en un CWE específico.

Gestionar notificaciones

Alertas personalizadas

¡Active sus alertas personalizadas!

Para activar sus alertas, solo necesita iniciar sesión en su cuenta gratuita. Si aún no ha iniciado sesión, elija una de las opciones a continuación.

Iniciar sesión en su cuenta Crear una cuenta gratuita

Notificaciones para un CWE

Manténgase informado sobre cualquier cambio en un CWE específico.

Parámetros

Puede especificar un título que se recuperará en las alertas que se enviarán.

Especifique el ID de CWE que desea monitorear.

Planificación

Mes

Cálculo de la próxima ejecución

Día

Día de la semana

Hora

Minuto

Fecha de creación

Última ejecución

Próxima ejecución

Nombre: Processor Optimization Removal or Modification of Security-critical Code

The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.

Informaciones generales

Modos de introducción

Architecture and Design : Optimizations built into the design of the processor can have unintended consequences during the execution of an application.

Plataformas aplicables

Lenguaje

Class: Not Language-Specific (Rarely)

Tecnologías

Name: Processor Hardware (Undetermined)

Consecuencias comunes

Alcance	Impacto	Probabilidad
Integrity	Bypass Protection Mechanism Note: A successful exploitation of this weakness will change the order of an application's execution and will likely be used to bypass specific protection mechanisms. This bypass can be exploited further to potentially read data that should otherwise be unaccessible.	High

Ejemplos observados

Referencias	Descripción
CVE-2017-5715	Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre".
CVE-2017-5753	Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre".
CVE-2017-5754	Intel processor optimizations related to speculative execution cause access control checks to be bypassed when placing data into the cache. Often known as "Meltdown".

Métodos de detección

White Box

In theory this weakness can be detected through the use of white box testing techniques where specifically crafted test cases are used in conjunction with debuggers to verify the order of statements being executed.
Efectividad : Opportunistic

Notas de mapeo de vulnerabilidades

Justificación : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comentario : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Patrones de ataque relacionados

CAPEC-ID	Nombre del patrón de ataque
CAPEC-663	Exploitation of Transient Instruction Execution An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access control over restricted resources. Typically, the adversary conducts a covert channel attack to target non-discarded microarchitectural changes caused by transient executions such as speculative execution, branch prediction, instruction pipelining, and/or out-of-order execution. The transient execution results in a series of instructions (gadgets) which construct covert channel and access/transfer the secret data.

Notas

As of CWE 4.9, members of the CWE Hardware SIG are closely analyzing this entry and others to improve CWE's coverage of transient execution weaknesses, which include issues related to Spectre, Meltdown, and other attacks. Additional investigation may include other weaknesses related to microarchitectural state. As a result, this entry might change significantly in CWE 4.10.

Referencias

REF-11

Spectre Attacks: Exploiting Speculative Execution
Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom.
https://arxiv.org/abs/1801.01203

REF-12

Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg.
https://arxiv.org/abs/1801.01207

Envío

Nombre	Organización	Fecha	Fecha de lanzamiento	Version
CWE Content Team	MITRE	2018-03-07 +00:00	2018-03-29 +00:00	3.1

Modificaciones

Nombre	Organización	Fecha	Comentario
CWE Content Team	MITRE	2020-02-24 +00:00	updated Relationships
CWE Content Team	MITRE	2020-06-25 +00:00	updated Relationships
CWE Content Team	MITRE	2021-03-15 +00:00	updated Related_Attack_Patterns
CWE Content Team	MITRE	2022-10-13 +00:00	updated Applicable_Platforms, Maintenance_Notes
CWE Content Team	MITRE	2023-04-27 +00:00	updated Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes

Detalle CWE-1037