CWE-1189
Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
Stable
2020-02-24
00h00 +00:00
00h00 +00:00
2025-04-03
00h00 +00:00
00h00 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.
Description du CWE
A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents.
Informations générales
Modes d'introduction
Architecture and DesignImplementation
Plateformes applicables
Langue
Class: Not Language-Specific (Undetermined)Technologies
Class: System on Chip (Undetermined)Conséquences courantes
| Portée | Impact | Probabilité |
|---|---|---|
| Access Control | Bypass Protection Mechanism Note: If resources being used by a trusted user are shared with an untrusted user, the untrusted user may be able to modify the functionality of the shared resource of the trusted user. | |
| Integrity | Quality Degradation Note: The functionality of the shared resource may be intentionally degraded. |
Exemples observés
| Références | Description |
|---|---|
CVE-2020-8698 | Processor has improper isolation of shared resources allowing for information disclosure. |
CVE-2019-6260 | Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138]. |
Mesures d’atténuation potentielles
Phases : Architecture and DesignWhen sharing resources, avoid mixing agents of varying trust levels.
Untrusted agents should not share resources with trusted agents.
Méthodes de détection
Automated Dynamic Analysis
Pre-silicon / post-silicon: Test access to shared systems resources (memory ranges, control registers, etc.) from untrusted software to verify that the assets are not incorrectly exposed to untrusted agents. Note that access to shared resources can be dynamically allowed or revoked based on system flows. Security testing should cover such dynamic shared resource allocation and access control modification flows.
Efficacité : High
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Modèles d'attaque associés
| CAPEC-ID | Nom du modèle d'attaque |
|---|---|
| CAPEC-124 | Shared Resource Manipulation An adversary exploits a resource shared between multiple applications, an application pool or hardware pin multiplexing to affect behavior. Resources may be shared between multiple applications or between multiple threads of a single application. Resource sharing is usually accomplished through mutual access to a single memory location or multiplexed hardware pins. If an adversary can manipulate this shared resource (usually by co-opting one of the applications or threads) the other applications or threads using the shared resource will often continue to trust the validity of the compromised shared resource and use it in their calculations. This can result in invalid trust assumptions, corruption of additional data through the normal operations of the other users of the shared resource, or even cause a crash or compromise of the sharing applications. |
Références
REF-1036
Ghost in the PLC Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control AttackAli Abbasi and Majid Hashemi.
https://www.blackhat.com/docs/eu-16/materials/eu-16-Abbasi-Ghost-In-The-PLC-Designing-An-Undetectable-Programmable-Logic-Controller-Rootkit-wp.pdf
REF-1138
CVE-2019-6260: Gaining control of BMC from the host processorStewart Smith.
https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/
Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.0 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CWE Content Team | MITRE | updated Common_Consequences, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Description, Observed_Examples, References, Relationships, Weakness_Ordinalities | |
| CWE Content Team | MITRE | updated Detection_Factors | |
| CWE Content Team | MITRE | updated Observed_Examples, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes, Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples |
