CWE-1190
DMA Device Enabled Too Early in Boot Phase
Draft
2020-02-24
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Meldingen voor een CWE
Blijf op de hoogte van wijzigingen voor een specifieke CWE.
Naam: DMA Device Enabled Too Early in Boot Phase
The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product.
Algemene informatie
Introductiemodi
Architecture and DesignToepasselijke platforms
Taal
Class: Not Language-Specific (Undetermined)Technologieën
Class: System on Chip (Undetermined)Veelvoorkomende gevolgen
| Bereik | Impact | Waarschijnlijkheid |
|---|---|---|
| Access Control | Bypass Protection Mechanism, Modify Memory Note: DMA devices have direct write access to main memory and due to time of attack will be able to bypass OS or Bootloader access control. | High |
Mogelijke risicobeperkingen
Phases : Architecture and DesignUtilize an IOMMU to orchestrate IO access from the start of the boot process.
Notities kwetsbaarheidsmapping
Rechtvaardiging : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Opmerking : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Gerelateerde aanvalspatronen
| CAPEC-ID | Naam aanvalspatroon |
|---|---|
| CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack. |
Referenties
REF-1038
DMA attackhttps://en.wikipedia.org/wiki/DMA_attack
REF-1039
Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy PeripheralsA. Theodore Markettos, Colin Rothwell, Brett F. Gutstein, Allison Pearce, Peter G. Neumann, Simon W. Moore, Robert N. M. Watson.
https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_05A-1_Markettos_paper.pdf
REF-1040
FireWire all your memory are belong to usMaximillian Dornseif, Michael Becher, Christian N. Klein.
http://www.orkspace.net/secdocs/Conferences/CanSecWest/2005/0wn3d%20by%20an%20iPod%20-%20Firewire1394%20Issues.pdf
REF-1041
Integrating DMA attacks in exploitation frameworksRory Breuk, Albert Spruyt, Adam Boileau.
https://www.os3.nl/_media/2011-2012/courses/rp1/p14_report.pdf
REF-1042
Owned by an iPodMaximillian Dornseif.
https://web.archive.org/web/20060505224959/https://pacsec.jp/psj04/psj04-dornseif-e.ppt
REF-1044
My aimful lifeDmytro Oleksiuk.
http://blog.cr4.sh/2015/09/breaking-uefi-security-with-software.html
REF-1046
Hit by a Bus:Physical Access Attacks with FirewireA. Theodore Markettos, Adam Boileau.
https://security-assessment.com/files/presentations/ab_firewire_rux2k6-final.pdf
Indiening
| Naam | Organisatie | Datum | Releasedatum | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.0 |
Wijzigingen
| Naam | Organisatie | Datum | Opmerking |
|---|---|---|---|
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
