CWE-1312
Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
Draft
2020-12-10 00:00 +00:00
2023-06-29 00:00 +00:00
Alerte pour un CWE
Stay informed of any changes for a specific CWE.
Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.
Extended Description
Few fabrics mirror memory and address ranges, where mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If not, an attacker could bypass existing read/write protections by reading from/writing to the mirrored regions to leak or corrupt the original data.
Informations
Modes Of Introduction
Architecture and DesignImplementation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)Operating Systems
Class: Not OS-Specific (Undetermined)Architectures
Class: Not Architecture-Specific (Undetermined)Technologies
Class: Not Technology-Specific (Undetermined)Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Confidentiality Integrity Access Control | Modify Memory, Read Memory, Bypass Protection Mechanism |
Potential Mitigations
Phases : Architecture and DesignThe fabric firewall should apply the same protections as the original region to the mirrored regions.
Phases : Implementation
The fabric firewall should apply the same protections as the original region to the mirrored regions.
Detection Methods
Manual Dynamic Analysis
Using an external debugger, send write transactions to mirrored regions to test if original, write-protected regions are modified. Similarly, send read transactions to mirrored regions to test if the original, read-protected signals can be read.Effectiveness : High
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Related Attack Patterns
| CAPEC-ID | Attack Pattern Name |
|---|---|
| CAPEC-456 | Infected Memory An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain. |
| CAPEC-679 | Exploitation of Improperly Configured or Implemented Memory Protections An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory. |
References
REF-1134
Address Range Memory MirroringTaku Izumi, Fujitsu Limited.
https://www.fujitsu.com/jp/documents/products/software/os/linux/catalog/LinuxConJapan2016-Izumi.pdf
Submission
| Name | Organization | Date | Date Release | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati K. Manna | Intel Corporation | 4.3 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
2024©
tesweb SA
