CWE-1190
DMA Device Enabled Too Early in Boot Phase
Draft
2020-02-24
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Notificações para um CWE
Fique informado sobre quaisquer alterações para um CWE específico.
Nome: DMA Device Enabled Too Early in Boot Phase
The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product.
Informações Gerais
Modos de Introdução
Architecture and DesignPlataformas Aplicáveis
Linguagem
Class: Not Language-Specific (Undetermined)Tecnologias
Class: System on Chip (Undetermined)Consequências Comuns
| Escopo | Impacto | Probabilidade |
|---|---|---|
| Access Control | Bypass Protection Mechanism, Modify Memory Note: DMA devices have direct write access to main memory and due to time of attack will be able to bypass OS or Bootloader access control. | High |
Mitigações Potenciais
Phases : Architecture and DesignUtilize an IOMMU to orchestrate IO access from the start of the boot process.
Notas de Mapeamento de Vulnerabilidade
Justificativa : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comentário : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Padrões de Ataque Relacionados
| CAPEC-ID | Nome do Padrão de Ataque |
|---|---|
| CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels
An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack. |
Referências
REF-1038
DMA attackhttps://en.wikipedia.org/wiki/DMA_attack
REF-1039
Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy PeripheralsA. Theodore Markettos, Colin Rothwell, Brett F. Gutstein, Allison Pearce, Peter G. Neumann, Simon W. Moore, Robert N. M. Watson.
https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_05A-1_Markettos_paper.pdf
REF-1040
FireWire all your memory are belong to usMaximillian Dornseif, Michael Becher, Christian N. Klein.
http://www.orkspace.net/secdocs/Conferences/CanSecWest/2005/0wn3d%20by%20an%20iPod%20-%20Firewire1394%20Issues.pdf
REF-1041
Integrating DMA attacks in exploitation frameworksRory Breuk, Albert Spruyt, Adam Boileau.
https://www.os3.nl/_media/2011-2012/courses/rp1/p14_report.pdf
REF-1042
Owned by an iPodMaximillian Dornseif.
https://web.archive.org/web/20060505224959/https://pacsec.jp/psj04/psj04-dornseif-e.ppt
REF-1044
My aimful lifeDmytro Oleksiuk.
http://blog.cr4.sh/2015/09/breaking-uefi-security-with-software.html
REF-1046
Hit by a Bus:Physical Access Attacks with FirewireA. Theodore Markettos, Adam Boileau.
https://security-assessment.com/files/presentations/ab_firewire_rux2k6-final.pdf
Submissão
| Nome | Organização | Data | Data de lançamento | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.0 |
Modificações
| Nome | Organização | Data | Comentário |
|---|---|---|---|
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
