CWE-1231
Improper Prevention of Lock Bit Modification
Stable
2020-02-24
00h00 +00:00
00h00 +00:00
2025-09-09
00h00 +00:00
00h00 +00:00
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: Improper Prevention of Lock Bit Modification
The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.
Informacje ogólne
Sposoby wprowadzenia
Architecture and Design : Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases.Implementation : Such issues could be introduced during implementation and identified later during Testing or System Configuration phases.
Odpowiednie platformy
Język
Class: Not Language-Specific (Undetermined)Systemy operacyjne
Class: Not OS-Specific (Undetermined)Architektury
Class: Not Architecture-Specific (Undetermined)Technologie
Class: Not Technology-Specific (Undetermined)Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Access Control | Modify Memory Note: Registers protected by lock bit can be modified even when lock is set. | High |
Zaobserwowane przykłady
| Odniesienia | Opis |
|---|---|
CVE-2017-6283 | chip reset clears critical read/write lock permissions for RSA function |
Potencjalne środki zaradcze
Phases : Architecture and Design // Implementation // TestingMetody wykrywania
Manual Analysis
Set the lock bit. Power cycle the device. Attempt to clear the lock bit. If the information is changed, implement a design fix. Retest. Also, attempt to indirectly clear the lock bit or bypass it.Skuteczność : High
Uwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Powiązane wzorce ataków
| CAPEC-ID | Nazwa wzorca ataku |
|---|---|
| CAPEC-680 | Exploitation of Improperly Controlled Registers
|
Odniesienia
REF-1350
reglk_wrapper.svhttps://github.com/HACK-EVENT/hackatdac21/blob/b9ecdf6068445d76d6bee692d163fededf7a9d9b/piton/design/chip/tile/ariane/src/reglk/reglk_wrapper.sv#L80C1-L80C48
REF-1351
fix cwe 1199 in reglkhttps://github.com/HACK-EVENT/hackatdac21/commit/5928add42895b57341ae8fc1f9b8351c35aed865#diff-1c2b09dd092a56e5fb2be431a3849e72ff489d2ae4f4a6bb9c0ea6b7d450135aR80
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.0 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, References | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Relationships |
