BaseDraft

CWE-1298Hardware Logic Contains Race Conditions

Category: logic

Description

A race condition in the hardware logic results in undermining security guarantees of the system.

Common consequences· 1

  • Access Control — Bypass Protection Mechanism, Gain Privileges or Assume Identity, Alter Execution Logic

Potential mitigations· 2

  • [Architecture and Design]Adopting design practices that encourage designers to recognize and eliminate race conditions, such as Karnaugh maps, could result in the decrease in occurrences of race conditions.
  • [Implementation]Logic redundancy can be implemented along security critical paths to prevent race conditions. To avoid metastability, it is a good practice in general to default to a secure state in which access is not given to untrusted agents.

Related CAPEC attack patterns· 1

CAPEC-26

References

  1. https://cwe.mitre.org/data/definitions/1298.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternLeveraging Race Conditionscapec-26100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Hardware Logic with Insecure De-Synchronization between Control and Data Channels
CWE
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
CWE
Improper Finite State Machines (FSMs) in Hardware Logic
CWE
Improper Protection Against Voltage and Clock Glitches
CWE
Improper Handling of Single Event Upsets
CWE
Improper Handling of Faults that Lead to Instruction Skips
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.