Detalle CWE-1429

CWE-1429

Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface
Incomplete
2025-04-03
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notificaciones para un CWE
Manténgase informado sobre cualquier cambio en un CWE específico.
Gestionar notificaciones

Nombre: Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface

The product has a hardware interface that silently discards operations in situations for which feedback would be security-relevant, such as the timely detection of failures or attacks.

Informaciones generales

Modos de introducción

Architecture and Design
Implementation
Requirements

Plataformas aplicables

Lenguaje

Name: C (Undetermined)
Name: C++ (Undetermined)
Name: Verilog (Undetermined)
Class: Hardware Description Language (Undetermined)
Class: Not Language-Specific (Undetermined)

Arquitecturas

Name: ARM (Undetermined)
Name: x86 (Undetermined)
Class: Embedded (Undetermined)

Tecnologías

Name: Security Hardware (Undetermined)
Name: Processor Hardware (Undetermined)
Name: Microcontroller Hardware (Undetermined)
Class: System on Chip (Undetermined)

Consecuencias comunes

Alcance Impacto Probabilidad
ConfidentialityRead Memory, Read Files or DirectoriesMedium
IntegrityModify Memory, Modify Files or DirectoriesMedium
AvailabilityDoS: Resource Consumption (Memory), DoS: Crash, Exit, or RestartHigh

Ejemplos observados

Referencias Descripción

[REF-1468]

Open source silicon root of trust (RoT) product does not immediately report when an integrity check fails for memory requests, causing the product to accept and continue processing data [REF-1468]

Mitigaciones potenciales

Phases : Architecture and Design
Phases : Implementation

Métodos de detección

Automated Static Analysis - Source Code

Efectividad : High

Manual Static Analysis - Source Code

Efectividad : Moderate

Notas de mapeo de vulnerabilidades

Justificación : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comentario : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Referencias

REF-1468

OpenTitan issue: [rv_core_ibex] Bus errors on integrity check failure
GregAC.
https://github.com/lowRISC/opentitan/issues/11336

Envío

Nombre Organización Fecha Fecha de lanzamiento Version
Amisha Srivastava University of Texas at Dallas 2023-12-20 +00:00 2025-04-03 +00:00 4.17

Modificaciones

Nombre Organización Fecha Comentario
CWE Content Team MITRE 2025-12-11 +00:00 updated Demonstrative_Examples, Weakness_Ordinalities
La información presentada en CVE Find proviene de varias fuentes de referencia cuidadosamente seleccionadas. Los datos CVE son proporcionados por MITRE Corporation y la Base de Datos Nacional de Vulnerabilidades (NVD). El catálogo de Vulnerabilidades Explotadas Conocidas (KEV) proviene de la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA), mientras que las puntuaciones EPSS provienen de FIRST.org. Además, los datos sobre debilidades de software (CWE) y patrones de ataque comunes (CAPEC) son mantenidos por MITRE Corporation, y la información sobre configuraciones de hardware y software (CPE) es proporcionada por la NVD.