CWE-1281: Sequence of Processor Instructions Leads to Unexpected Behavior

Status: Incomplete
Released: 2020-02-24 +00:00
Last modified: 2023-10-26 +00:00

Name: Sequence of Processor Instructions Leads to Unexpected Behavior

Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset is performed.

CWE Description

If the instruction set architecture (ISA) and processor logic are not designed carefully and tested thoroughly, certain combinations of instructions may lead to locking the processor or other unexpected and undesirable behavior. Upon encountering unimplemented instruction opcodes or illegal instruction operands, the processor should throw an exception and carry on without negatively impacting security. However, specific combinations of legal and illegal instructions may cause unexpected behavior with security implications such as allowing unprivileged programs to completely lock the CPU.

General Information

Modes Of Introduction

Architecture and Design: Unexpected behavior from certain instruction combinations can arise from bugs in the ISA.
Implementation: Unexpected behavior from certain instruction combinations can arise from implementation details such as speculative execution, caching, etc.

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Operating Systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)
Name: Processor Hardware (Undetermined)

Common Consequences

Scope: Integrity, Availability
Impact: Varies by Context
Likelihood: (not stated)

Observed Examples

CVE-2021-26339: A bug in AMD CPUs' core logic allows a potential DoS by using a specific x86 instruction sequence to hang the processor.

CVE-1999-1476: A bug in some Intel Pentium processors allows a DoS (hang) via an invalid "CMPXCHG8B" instruction, causing a deadlock.

Potential Mitigations

Phase: Testing
Implement a rigorous testing strategy that incorporates randomization to explore instruction sequences that are unlikely to appear in normal workloads, in order to identify halt-and-catch-fire instruction sequences.

Phase: Patching and Maintenance
Patch the operating system to avoid running halt-and-catch-fire type sequences, or to mitigate the damage caused by the unexpected behavior. See [REF-1108].
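An added example, not taken from the CWE entry or any of its references: a constructed toy CPU model whose decoder has a CWE-1281-style flaw of the kind the description calls a "combination of legal and illegal instructions" (here, a lock prefix followed by an illegal opcode deadlocks instead of faulting), together with the randomized instruction-sequence testing and watchdog-based hang detection that the Testing mitigation above calls for. The ISA, the opcode names and the flaw itself are all invented for illustration and stand in for no real processor.

```python
import random

# Constructed toy ISA (not a real instruction set): four opcodes, one of which is a
# prefix that takes the bus lock on behalf of the instruction that follows it.
LOCK, ILLEGAL, NOP, ADD = "lock", "illegal", "nop", "add"
OPCODES = (LOCK, ILLEGAL, NOP, ADD)

class ToyCPU:
    """Flawed decoder: an illegal opcode that follows a LOCK prefix raises the
    exception while the bus lock is still held, so the handler can never be
    fetched and the program counter stops advancing (a hang until hard reset).
    The hardened decoder releases the lock before raising, so the fault is
    handled and execution carries on, as the CWE description says it should."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.pc = 0
        self.bus_locked = False
        self.exceptions = 0

    def cycle(self, prog):
        instr = prog[self.pc]
        if instr == LOCK:
            self.bus_locked = True
        elif instr == ILLEGAL:
            if self.bus_locked and not self.hardened:
                return                      # deadlock: pc never advances
            self.bus_locked = False
            self.exceptions += 1            # illegal-opcode fault, then resume
        else:
            self.bus_locked = False         # prefix consumed by a legal instruction
        self.pc += 1

def run_sequence(prog, hardened, watchdog=32):
    """Execute prog; 'ok' if it retires, 'hang' if the watchdog expires first."""
    cpu = ToyCPU(hardened)
    for _ in range(watchdog):
        if cpu.pc >= len(prog):
            return "ok"
        cpu.cycle(prog)
    return "hang"

def fuzz(hardened, trials=2000, length=6, seed=1):
    """Randomized search for halt-and-catch-fire sequences: returns the first
    sequence that trips the watchdog, or None if every trial retired normally."""
    rng = random.Random(seed)
    for _ in range(trials):
        prog = [rng.choice(OPCODES) for _ in range(length)]
        if run_sequence(prog, hardened) == "hang":
            return prog
    return None

if __name__ == "__main__":
    print("flawed core, first hanging sequence:", fuzz(hardened=False))
    print("hardened core, first hanging sequence:", fuzz(hardened=True))
```

The watchdog is what makes the harness usable: a lockup produces no exception to catch, so the only observable symptom is that the program counter stops retiring instructions within a bounded cycle budget.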

Vulnerability Mapping Notes

Justification: This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment: Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Related Attack Patterns

CAPEC-212: Functionality Misuse
An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.

References

REF-1094

Breaking the x86 ISA
Christopher Domas.
https://github.com/xoreaxeaxeax/sandsifter/blob/master/references/domas_breaking_the_x86_isa_wp.pdf

REF-1108

Deep Dive: Retpoline: A Branch Target Injection Mitigation
Intel Corporation.
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/overview.html

REF-1323

Cyrix coma bug
https://en.wikipedia.org/wiki/Cyrix_coma_bug

REF-1324

Undocumented M6800 Instructions
Gary Wheeler.
https://spivey.oriel.ox.ac.uk/wiki/images-corner/1/1a/Undoc6800.pdf

REF-1331

The Pentium F00F Bug
Robert R. Collins.
https://www.drdobbs.com/embedded-systems/the-pentium-f00f-bug/184410555

REF-1342

Hackatdac19 commit_stage.sv
https://github.com/HACK-EVENT/hackatdac19/blob/619e9fb0ef32ee1e01ad76b8732a156572c65700/src/commit_stage.sv#L287:L290

REF-1343

commit_stage.sv
Florian Zaruba, Michael Schaffner, Stefan Mach, Andreas Traber.
https://github.com/openhwgroup/cva6/blob/7951802a0147aedb21e8f2f6dc1e1e9c4ee857a2/src/commit_stage.sv#L296:L301

Submission

Name: Nicole Fern
Organization: Cycuity (originally submitted as Tortuga Logic)
Date: 2020-05-15 +00:00
Date released: 2020-02-24 +00:00
Version: 4.1

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2020-08-20 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2021-03-15 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2021-07-20 +00:00 updated Name, Observed_Examples
CWE Content Team MITRE 2022-10-13 +00:00 updated Applicable_Platforms, Demonstrative_Examples
CWE Content Team MITRE 2023-04-27 +00:00 updated Demonstrative_Examples, Description, References, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Demonstrative_Examples, Mapping_Notes, References
CWE Content Team MITRE 2023-10-26 +00:00 updated Demonstrative_Examples, Observed_Examples