CWE-1264 Detail

CWE-1264

Name

Hardware Logic with Insecure De-Synchronization between Control and Data Channels

Status

Incomplete

Published

2020-02-24
00h00 +00:00

Modified

2023-06-29
00h00 +00:00

Official links

CWE Mitre.org

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Notifications manage

List of Notifications

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CWE ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Name: Hardware Logic with Insecure De-Synchronization between Control and Data Channels

The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.

CWE Description

Many high-performance on-chip bus protocols and processor data-paths employ separate channels for control and data to increase parallelism and maximize throughput. Bugs in the hardware logic that handle errors and security checks can make it possible for data to be forwarded before the completion of the security checks. If the data can propagate to a location in the hardware observable to an attacker, loss of data confidentiality can occur. 'Meltdown' is a concrete example of how de-synchronization between data and permissions checking logic can violate confidentiality requirements. Data loaded from a page marked as privileged was returned to the cpu regardless of current privilege level for performance reasons. The assumption was that the cpu could later remove all traces of this data during the handling of the illegal memory access exception, but this assumption was proven false as traces of the secret data were not removed from the microarchitectural state.

General Informations

Modes Of Introduction

Architecture and Design : The weakness can be introduced in the data transfer or bus protocol itself or in the implementation.
Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Operating Systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)

Common Consequences

Scope	Impact	Likelihood
Confidentiality	Read Memory, Read Application Data

Observed Examples

References	Description
CVE-2017-5754	Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Potential Mitigations

Phases : Architecture and Design

Thoroughly verify the data routing logic to ensure that any error handling or security checks effectively block illegal dataflows.

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Related Attack Patterns

CAPEC-ID	Attack Pattern Name
CAPEC-233	Privilege Escalation An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-663	Exploitation of Transient Instruction Execution An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access control over restricted resources. Typically, the adversary conducts a covert channel attack to target non-discarded microarchitectural changes caused by transient executions such as speculative execution, branch prediction, instruction pipelining, and/or out-of-order execution. The transient execution results in a series of instructions (gadgets) which construct covert channel and access/transfer the secret data.

NotesNotes

As of CWE 4.9, members of the CWE Hardware SIG are closely analyzing this entry and others to improve CWE's coverage of transient execution weaknesses, which include issues related to Spectre, Meltdown, and other attacks. Additional investigation may include other weaknesses related to microarchitectural state. As a result, this entry might change significantly in CWE 4.10.

Submission

Name	Organization	Date	Date release	Version
Nicole Fern	Cycuity (originally submitted as Tortuga Logic)	2020-05-22 +00:00	2020-02-24 +00:00	4.1

Modifications

Name	Organization	Date	Comment
CWE Content Team	MITRE	2020-08-20 +00:00	updated Description, Related_Attack_Patterns
CWE Content Team	MITRE	2021-07-20 +00:00	updated Related_Attack_Patterns
CWE Content Team	MITRE	2021-10-28 +00:00	updated Weakness_Ordinalities
CWE Content Team	MITRE	2022-10-13 +00:00	updated Maintenance_Notes
CWE Content Team	MITRE	2023-04-27 +00:00	updated Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes