Base · Stable

CWE-1256: Improper Restriction of Software Interfaces to Hardware Features

Category: other

Description

The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead to modification of hardware memory or register bits, or the ability to observe physical side channels.

Common consequences· 1

  • Integrity — Modify Memory, Modify Application Data, Bypass Protection Mechanism

Potential mitigations· 1

  • [Architecture and Design, Implementation]

Related CAPEC attack patterns· 2

CAPEC-624, CAPEC-625

References

  1. https://cwe.mitre.org/data/definitions/1256.html

Exploits (incoming)· 2

Type           Target                                     Confidence  Tier
AttackPattern  Mobile Device Fault Injection (capec-625)  100%        live
AttackPattern  Hardware Fault Injection (capec-624)       100%        live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Access Control for Register Interface
  • CWE: Improper Prevention of Lock Bit Modification
  • CWE: Security-Sensitive Hardware Controls with Missing Lock Bit Protection
  • CWE: Improper Protection Against Voltage and Clock Glitches
  • CWE: Insufficient Granularity of Address Regions Protected by Register Locks
  • CWE: Exposed IOCTL with Insufficient Access Control

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.