An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory.
CWE-ID | Weakness Name | Description |
---|---|---|
CWE-1222 | Insufficient Granularity of Address Regions Protected by Register Locks | The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process. |
CWE-1252 | CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations | The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of memory. |
CWE-1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region. |
CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges | The product allows address regions to overlap, which can result in the bypassing of intended memory protection. |
CWE-1274 | Improper Access Control for Volatile Memory Containing Boot Code | The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory. |
CWE-1282 | Assumed-Immutable Data is Stored in Writable Memory | Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field. |
CWE-1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall | The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions. |
CWE-1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges | The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region. |
CWE-1326 | Missing Immutable Root of Trust in Hardware | A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code. |
Name | Organization | Date | Date release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |