Category: Privilege Separation and Access Control Issues
Draft
Summary
Weaknesses in this category are related to features and mechanisms providing hardware-based isolation and access control (e.g., identity, policy, locking control) of sensitive shared hardware resources such as registers and fuses.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents. |
| CWE-1192 | Improper Identifier for IP Block used in System-On-Chip (SOC) | The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components. |
| CWE-1220 | Insufficient Granularity of Access Control | The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. |
| CWE-1222 | Insufficient Granularity of Address Regions Protected by Register Locks | The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process. |
| CWE-1242 | Inclusion of Undocumented Features or Chicken Bits | The device includes chicken bits or undocumented features that can create entry points for unauthorized actors. |
| CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges | The product allows address regions to overlap, which can result in the bypassing of intended memory protection. |
| CWE-1262 | Improper Access Control for Register Interface | The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers. |
| CWE-1267 | Policy Uses Obsolete Encoding | The product uses an obsolete encoding mechanism to implement access controls. |
| CWE-1268 | Policy Privileges are not Assigned Consistently Between Control and Data Agents | The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies. |
| CWE-1280 | Access Control Check Implemented After Asset is Accessed | A product's hardware-based access control check occurs after the asset has been accessed. |
| CWE-1294 | Insecure Security Identifier Mechanism | The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented. |
| CWE-1299 | Missing Protection Mechanism for Alternate Hardware Interface | The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path. |
| CWE-1302 | Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) | The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier. |
| CWE-1303 | Non-Transparent Sharing of Microarchitectural Resources | Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts. |
| CWE-1314 | Missing Write Protection for Parametric Data Values | The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure. |
| CWE-1318 | Missing Support for Security Features in On-chip Fabrics or Buses | On-chip fabrics or buses either do not support or are not configured to support privilege separation or other security features, such as access control. |
| CWE-1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy | An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode. |
| CWE-1420 | Exposure of Sensitive Information during Transient Execution | A processor event or prediction may allow incorrect operations (or correct operations with incorrect data) to execute transiently, potentially exposing data over a covert channel. |
| CWE-276 | Incorrect Default Permissions | During installation, installed file permissions are set to allow anyone to modify those files. |
| CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.