CWE-1231
Improper Prevention of Lock Bit Modification
Stable
2020-02-24
00h00 +00:00
00h00 +00:00
2025-09-09
00h00 +00:00
00h00 +00:00
Notificações para um CWE
Fique informado sobre quaisquer alterações para um CWE específico.
Nome: Improper Prevention of Lock Bit Modification
The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.
Informações Gerais
Modos de Introdução
Architecture and Design : Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases.Implementation : Such issues could be introduced during implementation and identified later during Testing or System Configuration phases.
Plataformas Aplicáveis
Linguagem
Class: Not Language-Specific (Undetermined)Sistemas Operacionais
Class: Not OS-Specific (Undetermined)Arquiteturas
Class: Not Architecture-Specific (Undetermined)Tecnologias
Class: Not Technology-Specific (Undetermined)Consequências Comuns
| Escopo | Impacto | Probabilidade |
|---|---|---|
| Access Control | Modify Memory Note: Registers protected by lock bit can be modified even when lock is set. | High |
Exemplos Observados
| Referências | Descrição |
|---|---|
CVE-2017-6283 | chip reset clears critical read/write lock permissions for RSA function |
Mitigações Potenciais
Phases : Architecture and Design // Implementation // TestingMétodos de Detecção
Manual Analysis
Set the lock bit. Power cycle the device. Attempt to clear the lock bit. If the information is changed, implement a design fix. Retest. Also, attempt to indirectly clear the lock bit or bypass it.Eficácia : High
Notas de Mapeamento de Vulnerabilidade
Justificativa : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comentário : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Padrões de Ataque Relacionados
| CAPEC-ID | Nome do Padrão de Ataque |
|---|---|
| CAPEC-680 | Exploitation of Improperly Controlled Registers
|
Referências
REF-1350
reglk_wrapper.svhttps://github.com/HACK-EVENT/hackatdac21/blob/b9ecdf6068445d76d6bee692d163fededf7a9d9b/piton/design/chip/tile/ariane/src/reglk/reglk_wrapper.sv#L80C1-L80C48
REF-1351
fix cwe 1199 in reglkhttps://github.com/HACK-EVENT/hackatdac21/commit/5928add42895b57341ae8fc1f9b8351c35aed865#diff-1c2b09dd092a56e5fb2be431a3849e72ff489d2ae4f4a6bb9c0ea6b7d450135aR80
Submissão
| Nome | Organização | Data | Data de lançamento | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.0 |
Modificações
| Nome | Organização | Data | Comentário |
|---|---|---|---|
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, References | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Relationships |
