BaseDraft

CWE-1312Missing Protection for Mirrored Regions in On-Chip Fabric Firewall

Category: other

Description

The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.

Common consequences· 1

  • Confidentiality / Integrity / Access Control — Modify Memory, Read Memory, Bypass Protection Mechanism

Potential mitigations· 2

  • [Architecture and Design]The fabric firewall should apply the same protections as the original region to the mirrored regions.
  • [Implementation]The fabric firewall should apply the same protections as the original region to the mirrored regions.

Related CAPEC attack patterns· 2

CAPEC-456CAPEC-679

References

  1. https://cwe.mitre.org/data/definitions/1312.html

Exploits (incoming)2

TypeTargetConfidenceTier
AttackPatternExploitation of Improperly Configured or Implemented Memory Protectionscapec-679100%live
AttackPatternInfected Memorycapec-456100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Missing Support for Security Features in On-chip Fabrics or Buses
CWE
Improper Access Control Applied to Mirrored or Aliased Memory Regions
CWE
Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
CWE
Missing Protection Mechanism for Alternate Hardware Interface
CWE
Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
CWE
Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.