CWE-1312
Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
Draft
2020-12-10
00h00 +00:00
00h00 +00:00
2023-06-29
00h00 +00:00
00h00 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.
Description du CWE
Few fabrics mirror memory and address ranges, where mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If not, an attacker could bypass existing read/write protections by reading from/writing to the mirrored regions to leak or corrupt the original data.
Informations générales
Modes d'introduction
Architecture and DesignImplementation
Plateformes applicables
Langue
Class: Not Language-Specific (Undetermined)Systèmes d’exploitation
Class: Not OS-Specific (Undetermined)Architectures
Class: Not Architecture-Specific (Undetermined)Technologies
Class: Not Technology-Specific (Undetermined)Conséquences courantes
| Portée | Impact | Probabilité |
|---|---|---|
| Confidentiality Integrity Access Control | Modify Memory, Read Memory, Bypass Protection Mechanism |
Mesures d’atténuation potentielles
Phases : Architecture and DesignThe fabric firewall should apply the same protections as the original region to the mirrored regions.
Phases : Implementation
The fabric firewall should apply the same protections as the original region to the mirrored regions.
Méthodes de détection
Manual Dynamic Analysis
Using an external debugger, send write transactions to mirrored regions to test if original, write-protected regions are modified. Similarly, send read transactions to mirrored regions to test if the original, read-protected signals can be read.Efficacité : High
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Modèles d'attaque associés
| CAPEC-ID | Nom du modèle d'attaque |
|---|---|
| CAPEC-456 | Infected Memory An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain. |
| CAPEC-679 | Exploitation of Improperly Configured or Implemented Memory Protections An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory. |
Références
REF-1134
Address Range Memory MirroringTaku Izumi, Fujitsu Limited.
https://www.fujitsu.com/jp/documents/products/software/os/linux/catalog/LinuxConJapan2016-Izumi.pdf
Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati K. Manna | Intel Corporation | 4.3 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
