CWE-1037

Nazwa

Processor Optimization Removal or Modification of Security-critical Code

Prawdopodobieństwo

Niski

Status

Incomplete

Opublikowano

2018-03-29
00h00 +00:00

Zmodyfikowano

2023-06-29
00h00 +00:00

Oficjalne linki

CWE Mitre.org

Powiadomienia dla konkretnego CWE

Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.

Zarządzaj powiadomieniami

Niestandardowe alerty

Aktywuj swoje spersonalizowane alerty!

Aby aktywować alerty, wystarczy zalogować się na swoje bezpłatne konto. Jeśli jeszcze nie jesteś zalogowany, wybierz jedną z poniższych opcji.

Zaloguj się do swojego konta Utwórz bezpłatne konto

Powiadomienia dla konkretnego CWE

Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.

Parametry

Możesz podać tytuł, który będzie widoczny w wysyłanych alertach.

Podaj identyfikator CWE, który chcesz monitorować.

Planowanie

Miesiąc

Obliczanie następnego uruchomienia

Dzień

Dzień tygodnia

Godzina

Minuta

Data utworzenia

Ostatnie wykonanie

Następne wykonanie

Nazwa: Processor Optimization Removal or Modification of Security-critical Code

The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.

Informacje ogólne

Sposoby wprowadzenia

Architecture and Design : Optimizations built into the design of the processor can have unintended consequences during the execution of an application.

Odpowiednie platformy

Język

Class: Not Language-Specific (Rarely)

Technologie

Name: Processor Hardware (Undetermined)

Typowe konsekwencje

Zakres	Wpływ	Prawdopodobieństwo
Integrity	Bypass Protection Mechanism Note: A successful exploitation of this weakness will change the order of an application's execution and will likely be used to bypass specific protection mechanisms. This bypass can be exploited further to potentially read data that should otherwise be unaccessible.	High

Zaobserwowane przykłady

Odniesienia	Opis
CVE-2017-5715	Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre".
CVE-2017-5753	Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre".
CVE-2017-5754	Intel processor optimizations related to speculative execution cause access control checks to be bypassed when placing data into the cache. Often known as "Meltdown".

Metody wykrywania

White Box

In theory this weakness can be detected through the use of white box testing techniques where specifically crafted test cases are used in conjunction with debuggers to verify the order of statements being executed.
Skuteczność : Opportunistic

Uwagi dotyczące mapowania podatności

Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Powiązane wzorce ataków

CAPEC-ID	Nazwa wzorca ataku
CAPEC-663	Exploitation of Transient Instruction Execution An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access control over restricted resources. Typically, the adversary conducts a covert channel attack to target non-discarded microarchitectural changes caused by transient executions such as speculative execution, branch prediction, instruction pipelining, and/or out-of-order execution. The transient execution results in a series of instructions (gadgets) which construct covert channel and access/transfer the secret data.

Notatki

As of CWE 4.9, members of the CWE Hardware SIG are closely analyzing this entry and others to improve CWE's coverage of transient execution weaknesses, which include issues related to Spectre, Meltdown, and other attacks. Additional investigation may include other weaknesses related to microarchitectural state. As a result, this entry might change significantly in CWE 4.10.

Odniesienia

REF-11

Spectre Attacks: Exploiting Speculative Execution
Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom.
https://arxiv.org/abs/1801.01203

REF-12

Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg.
https://arxiv.org/abs/1801.01207

Zgłoszenie

Nazwa	Organizacja	Data	Data wydania	Version
CWE Content Team	MITRE	2018-03-07 +00:00	2018-03-29 +00:00	3.1

Modyfikacje

Nazwa	Organizacja	Data	Komentarz
CWE Content Team	MITRE	2020-02-24 +00:00	updated Relationships
CWE Content Team	MITRE	2020-06-25 +00:00	updated Relationships
CWE Content Team	MITRE	2021-03-15 +00:00	updated Related_Attack_Patterns
CWE Content Team	MITRE	2022-10-13 +00:00	updated Applicable_Platforms, Maintenance_Notes
CWE Content Team	MITRE	2023-04-27 +00:00	updated Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes

Szczegóły CWE-1037