BaseIncomplete

CWE-1037Processor Optimization Removal or Modification of Security-critical Code

Category: other

Description

The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.

Common consequences· 1

  • Integrity — Bypass Protection Mechanism
    A successful exploitation of this weakness will change the order of an application's execution and will likely be used to bypass specific protection mechanisms. This bypass can be exploited further to potentially read data that should otherwise be unaccessible.

Related CAPEC attack patterns· 1

CAPEC-663

References

  1. https://cwe.mitre.org/data/definitions/1037.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternExploitation of Transient Instruction Executioncapec-663100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Compiler Optimization Removal or Modification of Security-critical Code
CWE
Compiler Removal of Code to Clear Buffers
CWE
Improper Handling of Faults that Lead to Instruction Skips
CWE
Exposure of Sensitive Information during Transient Execution
CWE
Insecure Automated Optimizations
CWE
Missing Ability to Patch ROM Code
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.