CWE-1261
00h00 +00:00
00h00 +00:00
Name: Improper Handling of Single Event Upsets
CWE Description
Technology trends such as CMOS-transistor down-sizing, use of new materials, and system-on-chip architectures continue to increase the sensitivity of systems to soft errors. These errors are random, and their causes might be internal (e.g., interconnect coupling) or external (e.g., cosmic radiation). These soft errors are not permanent in nature and cause temporary bit flips known as single-event upsets (SEUs). SEUs are induced errors in circuits caused when charged particles lose energy by ionizing the medium through which they pass, leaving behind a wake of electron-hole pairs that cause temporary failures. If these failures occur in security-sensitive modules in a chip, it might compromise the security guarantees of the chip. For instance, these temporary failures could be bit flips that change the privilege of a regular user to root.
General Informations
Modes Of Introduction
Architecture and DesignImplementation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)Operating Systems
Class: Not OS-Specific (Undetermined)Architectures
Class: Not Architecture-Specific (Undetermined)Technologies
Class: Not Technology-Specific (Undetermined)Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Availability Access Control | DoS: Crash, Exit, or Restart, DoS: Instability, Gain Privileges or Assume Identity, Bypass Protection Mechanism |
Potential Mitigations
Phases : Architecture and DesignImplement triple-modular redundancy around security-sensitive modules.
Phases : Architecture and Design
SEUs mostly affect SRAMs. For SRAMs storing security-critical data, implement Error-Correcting-Codes (ECC) and Address Interleaving.
Vulnerability Mapping Notes
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
References
REF-1086
Single Event Upset: An Embedded TutorialFan Wang, Vishwani D. Agrawal.
https://www.eng.auburn.edu/~agrawvd/TALKS/tutorial_6pg.pdf
REF-1087
Single Event Upsets in Implantable Cardioverter DefibrillatorsP. D. Bradley, E. Normand.
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=736549&tag=1
REF-1088
Single Event Effects in FPGA Devices 2015-2016Melanie Berg, Kenneth LaBel, Jonathan Pellish.
https://ntrs.nasa.gov/search.jsp?R=20160007754
REF-1089
Cisco 12000 Single Event Upset Failures Overview and Work Around SummaryCisco.
https://www.cisco.com/c/en/us/support/docs/field-notices/200/fn25994.html
REF-1090
Different Ways to Mitigate Soft Errors in Asynchronous SRAMs - KBA90939Cypress.
https://community.infineon.com/t5/Knowledge-Base-Articles/Different-Ways-to-Mitigate-Soft-Errors-in-Asynchronous-SRAMs-KBA90939/ta-p/257944
REF-1091
Cosmic particles can change elections and cause plans to fall through the sky, scientists warnIan Johnston.
https://www.independent.co.uk/news/science/subatomic-particles-cosmic-rays-computers-change-elections-planes-autopilot-a7584616.html
REF-1101
The Hard-coded Key to my Heart - Hacking a Pacemaker ProgrammerAnders B. Wilhelmsen, Eivind S. Kristiansen, Marie Moe.
https://anderbw.github.io/2019-08-10-DC27-Biohacking-pacemaker-programmer.pdf
Submission
| Name | Organization | Date | Date release | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.1 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
