Modes Of Introduction
Architecture and Design
Implementation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)
Operating Systems
Class: Not OS-Specific (Undetermined)
Architectures
Class: Not Architecture-Specific (Undetermined)
Technologies
Class: Not Technology-Specific (Undetermined)
Common Consequences
Scope |
Impact |
Likelihood |
Access Control | Modify Memory | High |
Potential Mitigations
Phases : Architecture and Design // Implementation // Testing
- Security Lock bit protections should be reviewed for behavior across supported power state transitions.
- Security lock programming flow and lock properties should be tested in pre-silicon and post-silicon testing including testing across power transitions.
Vulnerability Mapping Notes
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Related Attack Patterns
CAPEC-ID |
Attack Pattern Name |
CAPEC-166 |
Force the System to Reset Values An attacker forces the target into a previous state in order to leverage potential weaknesses in the target dependent upon a prior configuration or state-dependent factors. Even in cases where an attacker may not be able to directly control the configuration of the targeted application, they may be able to reset the configuration to a prior state since many applications implement reset functions. |
References
REF-1432
reglk_wrapper.sv
https://github.com/HACK-EVENT/hackatdac21/blob/65d0ffdab7426da4509c98d62e163bcce642f651/piton/design/chip/tile/ariane/src/reglk/reglk_wrapper.sv#L39C1-L39C1 REF-1433
Bad Code reglk_wrapper.sv
https://github.com/HACK-EVENT/hackatdac21/blob/65d0ffdab7426da4509c98d62e163bcce642f651/piton/design/chip/tile/ariane/src/reglk/reglk_wrapper.sv#L78C1-L85C16 REF-1434
Good Code reglk_wrapper.sv
https://github.com/HACK-EVENT/hackatdac21/blob/5e2031fd3854bcc0b2ca11d13442542dd5ea98e0/piton/design/chip/tile/ariane/src/reglk/reglk_wrapper.sv#L83
Submission
Name |
Organization |
Date |
Date release |
Version |
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi |
Intel Corporation |
2020-01-15 +00:00 |
2020-02-24 +00:00 |
4.0 |
Modifications
Name |
Organization |
Date |
Comment |
CWE Content Team |
MITRE |
2020-08-20 +00:00 |
updated Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns |
CWE Content Team |
MITRE |
2021-03-15 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |
CWE Content Team |
MITRE |
2024-07-16 +00:00 |
updated Demonstrative_Examples, References |