Security Flow Issues

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to improper design of full-system security flows, including but not limited to secure boot, secure update, and hardware-device attestation.

Weaknesses

DMA Device Enabled Too Early in Boot Phase

The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data fr...

Hardware Logic with Insecure De-Synchronization between Control and Data Channels

The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.

Improper Access Control for Volatile Memory Containing Boot Code

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient acc...

Missing Ability to Patch ROM Code

Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.

Missing Immutable Root of Trust in Hardware

A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.

Mutable Attestation or Measurement Reporting Data

The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.

Power-On of Untrusted Execution Core Before Enabling Fabric Access Control

The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled.

Security Version Number Mutable to Older Versions

Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.

Concepts

Hardware Design

This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectiv...


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.