CWE-1190
DMA Device Enabled Too Early in Boot Phase
Draft
2020-02-24
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: DMA Device Enabled Too Early in Boot Phase
The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product.
Informacje ogólne
Sposoby wprowadzenia
Architecture and DesignOdpowiednie platformy
Język
Class: Not Language-Specific (Undetermined)Technologie
Class: System on Chip (Undetermined)Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Access Control | Bypass Protection Mechanism, Modify Memory Note: DMA devices have direct write access to main memory and due to time of attack will be able to bypass OS or Bootloader access control. | High |
Potencjalne środki zaradcze
Phases : Architecture and DesignUtilize an IOMMU to orchestrate IO access from the start of the boot process.
Uwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Powiązane wzorce ataków
| CAPEC-ID | Nazwa wzorca ataku |
|---|---|
| CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack. |
Odniesienia
REF-1038
DMA attackhttps://en.wikipedia.org/wiki/DMA_attack
REF-1039
Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy PeripheralsA. Theodore Markettos, Colin Rothwell, Brett F. Gutstein, Allison Pearce, Peter G. Neumann, Simon W. Moore, Robert N. M. Watson.
https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_05A-1_Markettos_paper.pdf
REF-1040
FireWire all your memory are belong to usMaximillian Dornseif, Michael Becher, Christian N. Klein.
http://www.orkspace.net/secdocs/Conferences/CanSecWest/2005/0wn3d%20by%20an%20iPod%20-%20Firewire1394%20Issues.pdf
REF-1041
Integrating DMA attacks in exploitation frameworksRory Breuk, Albert Spruyt, Adam Boileau.
https://www.os3.nl/_media/2011-2012/courses/rp1/p14_report.pdf
REF-1042
Owned by an iPodMaximillian Dornseif.
https://web.archive.org/web/20060505224959/https://pacsec.jp/psj04/psj04-dornseif-e.ppt
REF-1044
My aimful lifeDmytro Oleksiuk.
http://blog.cr4.sh/2015/09/breaking-uefi-security-with-software.html
REF-1046
Hit by a Bus:Physical Access Attacks with FirewireA. Theodore Markettos, Adam Boileau.
https://security-assessment.com/files/presentations/ab_firewire_rux2k6-final.pdf
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.0 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
