CWE-1276 Detail

Signals between a hardware IP and the parent system design are incorrectly connected causing security risks.

Individual hardware IP must communicate with the parent system in order for the product to function correctly and as intended. If implemented incorrectly, while not causing any apparent functional issues, may cause security issues. For example, if the IP should only be reset by a system-wide hard reset, but instead the reset input is connected to a software-triggered debug mode reset (which is also asserted during a hard reset), integrity of data inside the IP can be violated.

Modes Of Introduction

Implementation : This weakness is introduced when integrating IP into a parent design.

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Operating Systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)

Common Consequences

Potential Mitigations

Phases : Testing
System-level verification may be used to ensure that components are correctly connected and that design security requirements are not violated due to interactions between various IP blocks.

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

References

REF-1362

ariane.sv
https://github.com/HACK-EVENT/hackatdac21/blob/b9ecdf6068445d76d6bee692d163fededf7a9d9b/piton/design/chip/tile/ariane/src/ariane.sv#L539:L540

REF-1363

Fix CWE-1276
https://github.com/HACK-EVENT/hackatdac21/blob/9a796ee83e21f59476d4b0a68ec3d8e8d5148214/piton/design/chip/tile/ariane/src/ariane.sv#L539:L540

Submission

Modifications