English
Français
Light
Dark
System

CVEFind - Alertes CVE

Restez informé en continue
Créer un compte Ouvrez un compte Simple et Gratuit Se connecter Gérez vos alertes

CWE-1037 Detail

CWE-1037

Processor Optimization Removal or Modification of Security-critical Code
LOW
Incomplete
2018-03-29 00:00 +00:00
2023-06-29 00:00 +00:00
CWE Mitre.org

Alerte pour un CWE

Restez informé de toutes modifications pour un CWE spécifique.
Gestion des alertes

Processor Optimization Removal or Modification of Security-critical Code

The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.

Informations

Modes Of Introduction

Architecture and Design : Optimizations built into the design of the processor can have unintended consequences during the execution of an application.

Applicable Platforms

Language

Class: Not Language-Specific (Rarely)

Technologies

Name: Processor Hardware (Undetermined)

Common Consequences

Scope Impact Likelihood
IntegrityBypass Protection Mechanism

Note: A successful exploitation of this weakness will change the order of an application's execution and will likely be used to bypass specific protection mechanisms. This bypass can be exploited further to potentially read data that should otherwise be unaccessible.		High

Observed Examples

Reference Description
CVE-2017-5715Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre".
CVE-2017-5753Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre".
CVE-2017-5754Intel processor optimizations related to speculative execution cause access control checks to be bypassed when placing data into the cache. Often known as "Meltdown".

Detection Methods

White Box

In theory this weakness can be detected through the use of white box testing techniques where specifically crafted test cases are used in conjunction with debuggers to verify the order of statements being executed.
Effectiveness : Opportunistic

Vulnerability Mapping Notes

Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Related Attack Patterns

CAPEC-ID Attack Pattern Name
CAPEC-663 Exploitation of Transient Instruction Execution
An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access control over restricted resources. Typically, the adversary conducts a covert channel attack to target non-discarded microarchitectural changes caused by transient executions such as speculative execution, branch prediction, instruction pipelining, and/or out-of-order execution. The transient execution results in a series of instructions (gadgets) which construct covert channel and access/transfer the secret data.

Notes

As of CWE 4.9, members of the CWE Hardware SIG are closely analyzing this entry and others to improve CWE's coverage of transient execution weaknesses, which include issues related to Spectre, Meltdown, and other attacks. Additional investigation may include other weaknesses related to microarchitectural state. As a result, this entry might change significantly in CWE 4.10.

References

REF-11

Spectre Attacks: Exploiting Speculative Execution
Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom.
https://arxiv.org/abs/1801.01203

REF-12

Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg.
https://arxiv.org/abs/1801.01207

Submission

Name Organization Date Date Release Version
CWE Content Team MITRE 2018-03-07 +00:00 2018-03-29 +00:00 3.1

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2020-06-25 +00:00 updated Relationships
CWE Content Team MITRE 2021-03-15 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2022-10-13 +00:00 updated Applicable_Platforms, Maintenance_Notes
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes

Plus d'informations
Cliquez sur le bouton à gauche (OFF), pour autoriser l'inscription de cookie améliorant les fonctionnalités du site. Cliquez sur le bouton à gauche (Tout accepter), pour ne plus autoriser l'inscription de cookie améliorant les fonctionnalités du site.