CWE-1429 Detail

CWE-1429

Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface
Incomplete
2025-04-03
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notifiche per un CWE specifico
Rimani informato su qualsiasi modifica relativa a un CWE specifico.
Gestione notifiche

Nome: Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface

The product has a hardware interface that silently discards operations in situations for which feedback would be security-relevant, such as the timely detection of failures or attacks.

General Informations

Modes Of Introduction

Architecture and Design
Implementation
Requirements

Piattaforme applicabili

Linguaggio

Name: C (Undetermined)
Name: C++ (Undetermined)
Name: Verilog (Undetermined)
Class: Hardware Description Language (Undetermined)
Class: Not Language-Specific (Undetermined)

Architetture

Name: ARM (Undetermined)
Name: x86 (Undetermined)
Class: Embedded (Undetermined)

Tecnologie

Name: Security Hardware (Undetermined)
Name: Processor Hardware (Undetermined)
Name: Microcontroller Hardware (Undetermined)
Class: System on Chip (Undetermined)

Conseguenze comuni

Ambito Impatto Probabilità
ConfidentialityRead Memory, Read Files or DirectoriesMedium
IntegrityModify Memory, Modify Files or DirectoriesMedium
AvailabilityDoS: Resource Consumption (Memory), DoS: Crash, Exit, or RestartHigh

Esempi osservati

Riferimenti Descrizione

[REF-1468]

Open source silicon root of trust (RoT) product does not immediately report when an integrity check fails for memory requests, causing the product to accept and continue processing data [REF-1468]

Potential Mitigations

Phases : Architecture and Design
Phases : Implementation

Detection Methods

Automated Static Analysis - Source Code

Effectiveness : High

Manual Static Analysis - Source Code

Effectiveness : Moderate

Note sulla mappatura delle vulnerabilità

Giustificazione : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commento : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Riferimenti

REF-1468

OpenTitan issue: [rv_core_ibex] Bus errors on integrity check failure
GregAC.
https://github.com/lowRISC/opentitan/issues/11336

Invio

Nome Organizzazione Data Data di rilascio Version
Amisha Srivastava University of Texas at Dallas 2023-12-20 +00:00 2025-04-03 +00:00 4.17

Modifiche

Nome Organizzazione Data Commento
CWE Content Team MITRE 2025-12-11 +00:00 updated Demonstrative_Examples, Weakness_Ordinalities
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.