Base · Draft

CWE-1316: Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges

Category: other

Description

The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region.

Common consequences · 1

  • Confidentiality / Integrity / Access Control / Authorization — Bypass Protection Mechanism, Read Memory, Modify Memory

Potential mitigations · 3

  • [Architecture and Design] When architecting the address map of the chip, ensure that protected and unprotected ranges are isolated and do not overlap. When designing, ensure that ranges hardcoded in Register-Transfer Level (RTL) do not overlap.
  • [Implementation] Ranges configured by firmware should not overlap. If overlaps are mandatory because of constraints such as a limited number of registers, then ensure that no assets are present in the overlapped portion.
  • [Testing] Validate mitigation actions with robust testing.
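
As an added illustration of the implementation and testing mitigations (not part of the MITRE entry), the following C sketch shows a check that firmware or a validation test could run over an address map before the range registers are committed. The `fabric_range` layout, the function names and the sample map are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One fabric address-map entry (hypothetical layout, not from any real SoC). */
typedef struct {
    const char *name;
    uint64_t base;
    uint64_t size;        /* bytes; 0 means the entry is disabled */
    bool is_protected;    /* fabric enforces access control on this range */
} fabric_range;

/* Last byte of the range, saturated so base + size cannot wrap around. */
static uint64_t range_last(const fabric_range *r) {
    uint64_t span = r->size - 1;
    return span > UINT64_MAX - r->base ? UINT64_MAX : r->base + span;
}

/* Stores the shared bytes as [*lo, *hi] inclusive; returns false if disjoint. */
static bool overlap(const fabric_range *a, const fabric_range *b,
                    uint64_t *lo, uint64_t *hi) {
    if (a->size == 0 || b->size == 0) return false;
    uint64_t la = range_last(a), lb = range_last(b);
    *lo = a->base > b->base ? a->base : b->base;
    *hi = la < lb ? la : lb;
    return *lo <= *hi;
}

/* Counts protected/unprotected pairs that overlap; nonzero means reject the map. */
size_t count_unwarranted_overlaps(const fabric_range *map, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++) {
            uint64_t lo, hi;
            if (map[i].is_protected == map[j].is_protected) continue;
            if (!overlap(&map[i], &map[j], &lo, &hi)) continue;
            printf("%s overlaps %s: 0x%llx-0x%llx\n", map[i].name, map[j].name,
                   (unsigned long long)lo, (unsigned long long)hi);
            hits++;
        }
    return hits;
}

/* Constructed sample: shared_ram reaches 0x1000 bytes into the key store. */
static const fabric_range sample_map[] = {
    {"boot_rom",   0x00000000, 0x00010000, true},
    {"key_store",  0x00010000, 0x00002000, true},
    {"shared_ram", 0x00011000, 0x00004000, false},
};
int main(void) { return count_unwarranted_overlaps(sample_map, 3) ? 1 : 0; }
```

The reported inclusive interval is the overlapped portion; where an overlap cannot be avoided, that is the span to audit for assets.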

Related CAPEC attack patterns · 2

CAPEC-456, CAPEC-679

References

  1. https://cwe.mitre.org/data/definitions/1316.html

Exploits (incoming) · 2

Type | Target | Confidence | Tier
AttackPattern | Exploitation of Improperly Configured or Implemented Memory Protections (capec-679) | 100% | live
AttackPattern | Infected Memory (capec-456) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Handling of Overlap Between Protected Memory Ranges
  • CWE: Insufficient Granularity of Address Regions Protected by Register Locks
  • CWE: On-Chip Debug and Test Interface With Improper Access Control
  • CWE: Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
  • CWE: Improper Access Control for Register Interface
  • CWE: Missing Support for Security Features in On-chip Fabrics or Buses

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.