CWE-1429 Detail

CWE-1429

Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface
Incomplete
2025-04-03
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Meldingen voor een CWE
Blijf op de hoogte van wijzigingen voor een specifieke CWE.
Meldingen beheren

Naam: Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface

The product has a hardware interface that silently discards operations in situations for which feedback would be security-relevant, such as the timely detection of failures or attacks.

Algemene informatie

Introductiemodi

Architecture and Design
Implementation
Requirements

Toepasselijke platforms

Taal

Name: C (Undetermined)
Name: C++ (Undetermined)
Name: Verilog (Undetermined)
Class: Hardware Description Language (Undetermined)
Class: Not Language-Specific (Undetermined)

Architecturen

Name: ARM (Undetermined)
Name: x86 (Undetermined)
Class: Embedded (Undetermined)

Technologieën

Name: Security Hardware (Undetermined)
Name: Processor Hardware (Undetermined)
Name: Microcontroller Hardware (Undetermined)
Class: System on Chip (Undetermined)

Veelvoorkomende gevolgen

Bereik Impact Waarschijnlijkheid
ConfidentialityRead Memory, Read Files or DirectoriesMedium
IntegrityModify Memory, Modify Files or DirectoriesMedium
AvailabilityDoS: Resource Consumption (Memory), DoS: Crash, Exit, or RestartHigh

Waargenomen voorbeelden

Referenties Beschrijving

[REF-1468]

Open source silicon root of trust (RoT) product does not immediately report when an integrity check fails for memory requests, causing the product to accept and continue processing data [REF-1468]

Mogelijke risicobeperkingen

Phases : Architecture and Design
Phases : Implementation

Detectiemethoden

Automated Static Analysis - Source Code

Effectiviteit : High

Manual Static Analysis - Source Code

Effectiviteit : Moderate

Notities kwetsbaarheidsmapping

Rechtvaardiging : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Opmerking : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Referenties

REF-1468

OpenTitan issue: [rv_core_ibex] Bus errors on integrity check failure
GregAC.
https://github.com/lowRISC/opentitan/issues/11336

Indiening

Naam Organisatie Datum Releasedatum Version
Amisha Srivastava University of Texas at Dallas 2023-12-20 +00:00 2025-04-03 +00:00 4.17

Wijzigingen

Naam Organisatie Datum Opmerking
CWE Content Team MITRE 2025-12-11 +00:00 updated Demonstrative_Examples, Weakness_Ordinalities
De informatie die op CVE Find wordt gepresenteerd, is afkomstig van verschillende zorgvuldig geselecteerde referentiebronnen. CVE-gegevens worden geleverd door MITRE Corporation en de National Vulnerability Database (NVD). De Known Exploited Vulnerabilities (KEV)-catalogus is afkomstig van de Cybersecurity and Infrastructure Security Agency (CISA), terwijl EPSS-scores afkomstig zijn van FIRST.org. Daarnaast worden gegevens over softwarezwakheden (CWE) en veelvoorkomende aanvalspatronen (CAPEC) bijgehouden door MITRE Corporation, en informatie over hardware- en softwareconfiguraties (CPE) wordt geleverd door de NVD.