Base · Incomplete

CWE-1290: Incorrect Decoding of Security Identifiers

Category: other

Description

The product implements a decoding mechanism that decodes certain bus-transaction signals into security identifiers. If the decoding is implemented incorrectly, untrusted agents can gain unauthorized access to the asset.

Common consequences· 1

  • Confidentiality / Integrity / Availability / Access Control — Modify Memory, Read Memory, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Quality Degradation

Potential mitigations· 2

  • [Architecture and Design] Security identifier decoders must be reviewed for design consistency and common weaknesses.
  • [Implementation] Access and programming flows must be tested in pre-silicon and post-silicon testing in order to check for this weakness.

References

  1. https://cwe.mitre.org/data/definitions/1290.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Incorrect Conversion of Security Identifiers
  • CWE: Hardware Logic with Insecure De-Synchronization between Control and Data Channels
  • CWE: Improper Validation of Integrity Check Value
  • CWE: Internal Asset Exposed to Unsafe Debug Access Level or State
  • CWE: Insecure Security Identifier Mechanism
  • CWE: Incorrect Implementation of Authentication Algorithm

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.