CWE-1281 detail

CWE-1281

Sequence of Processor Instructions Leads to Unexpected Behavior
Status: Incomplete
Created: 2020-02-24 00:00 +00:00
Last modified: 2023-10-26 00:00 +00:00

Name: Sequence of Processor Instructions Leads to Unexpected Behavior

Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset is performed.

CWE description

If the instruction set architecture (ISA) and processor logic are not designed carefully and tested thoroughly, certain combinations of instructions may lead to locking the processor or other unexpected and undesirable behavior. Upon encountering unimplemented instruction opcodes or illegal instruction operands, the processor should throw an exception and carry on without negatively impacting security. However, specific combinations of legal and illegal instructions may cause unexpected behavior with security implications such as allowing unprivileged programs to completely lock the CPU.

General information

Modes of introduction

Architecture and Design: Unexpected behavior from certain instruction combinations can arise from bugs in the ISA.
Implementation: Unexpected behavior from certain instruction combinations can arise from implementation details such as speculative execution, caching, etc.

Applicable platforms

Language

Class: Not Language-Specific (Undetermined)

Operating systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)
Name: Processor Hardware (Undetermined)

Common consequences

Scope: Integrity, Availability
Impact: Varies by Context
Likelihood: (none given)

Observed examples

Reference | Description

CVE-2021-26339 | A bug in AMD CPU's core logic allows a potential DoS by using a specific x86 instruction sequence to hang the processor.

CVE-1999-1476 | A bug in some Intel Pentium processors allows DoS (hang) via an invalid "CMPXCHG8B" instruction, causing a deadlock.

Potential mitigations

Phase: Testing
Implement a rigorous testing strategy that incorporates randomization to explore instruction sequences that are unlikely to appear in normal workloads in order to identify halt and catch fire instruction sequences.
Phase: Patching and Maintenance
Patch the operating system to avoid running Halt and Catch Fire type sequences or to mitigate the damage caused by unexpected behavior. See [REF-1108].
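The description states the contract a sound core should uphold: an illegal opcode raises an exception that the kernel delivers to the process, and execution carries on. The harness below, added here as an illustration and not part of the CWE entry, checks exactly that contract for one undefined instruction and can be run as a regression test after a microcode or OS patch. It assumes a POSIX system and a GCC/Clang compiler where `__builtin_trap()` emits ud2 (x86, SIGILL) or brk (AArch64, SIGTRAP); a core that hangs on the instruction would simply never return.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <string.h>

/* Resume point for the probe and the signal that was delivered (0 if none). */
static sigjmp_buf resume_point;
static volatile sig_atomic_t trapped_signal = 0;

static void on_fault(int sig) {
    trapped_signal = sig;
    siglongjmp(resume_point, 1);   /* unwind out of the faulting instruction */
}

/* Signal delivered by the last probe: SIGILL for ud2 on x86, SIGTRAP for brk on AArch64. */
int last_trap_signal(void) {
    return (int)trapped_signal;
}

/* Executes one architecturally undefined/trapping instruction with handlers
 * installed for SIGILL and SIGTRAP. Returns 1 if the CPU raised the fault, the
 * kernel delivered it as a signal and execution resumed afterwards; returns 0
 * if the instruction completed without trapping. A hung core never returns. */
int illegal_instruction_is_recoverable(void) {
    struct sigaction sa, old_ill, old_trap;
    int recovered = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;   /* siglongjmp restores the mask saved by sigsetjmp(..., 1) */
    sigaction(SIGILL, &sa, &old_ill);
    sigaction(SIGTRAP, &sa, &old_trap);

    trapped_signal = 0;
    if (sigsetjmp(resume_point, 1) == 0) {
        __builtin_trap();   /* assumption: compiles to ud2 / brk, i.e. an invalid opcode */
    } else {
        recovered = 1;      /* handler ran and control came back to this point */
    }

    sigaction(SIGILL, &old_ill, NULL);
    sigaction(SIGTRAP, &old_trap, NULL);
    return recovered;
}
```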

Vulnerability mapping notes

Rationale: This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments: Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Related attack patterns

CAPEC-ID | Attack pattern name
CAPEC-212 | Functionality Misuse
An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.

References

REF-1094

Breaking the x86 ISA
Christopher Domas.
https://github.com/xoreaxeaxeax/sandsifter/blob/master/references/domas_breaking_the_x86_isa_wp.pdf

REF-1108

Deep Dive: Retpoline: A Branch Target Injection Mitigation
Intel Corporation.
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/overview.html

REF-1323

Cyrix coma bug
https://en.wikipedia.org/wiki/Cyrix_coma_bug

REF-1324

Undocumented M6800 Instructions
Gary Wheeler.
https://spivey.oriel.ox.ac.uk/wiki/images-corner/1/1a/Undoc6800.pdf

REF-1331

The Pentium F00F Bug
Robert R. Collins.
https://www.drdobbs.com/embedded-systems/the-pentium-f00f-bug/184410555

REF-1342

Hackatdac19 commit_stage.sv
https://github.com/HACK-EVENT/hackatdac19/blob/619e9fb0ef32ee1e01ad76b8732a156572c65700/src/commit_stage.sv#L287:L290

REF-1343

commit_stage.sv
Florian Zaruba, Michael Schaffner, Stefan Mach, Andreas Traber.
https://github.com/openhwgroup/cva6/blob/7951802a0147aedb21e8f2f6dc1e1e9c4ee857a2/src/commit_stage.sv#L296:L301

Submission

Name | Organization | Date | Publication date | Version
Nicole Fern | Cycuity (originally submitted as Tortuga Logic) | 2020-05-15 +00:00 | 2020-02-24 +00:00 | 4.1

Modifications

Name | Organization | Date | Comment
CWE Content Team | MITRE | 2020-08-20 +00:00 | updated Related_Attack_Patterns
CWE Content Team | MITRE | 2021-03-15 +00:00 | updated Potential_Mitigations
CWE Content Team | MITRE | 2021-07-20 +00:00 | updated Name, Observed_Examples
CWE Content Team | MITRE | 2022-10-13 +00:00 | updated Applicable_Platforms, Demonstrative_Examples
CWE Content Team | MITRE | 2023-04-27 +00:00 | updated Demonstrative_Examples, Description, References, Relationships
CWE Content Team | MITRE | 2023-06-29 +00:00 | updated Demonstrative_Examples, Mapping_Notes, References
CWE Content Team | MITRE | 2023-10-26 +00:00 | updated Demonstrative_Examples, Observed_Examples