logo

Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

Stable Base
Structure: Simple
Description

This vulnerability occurs when a System-on-a-Chip (SoC) fails to properly separate shared hardware resources between secure (trusted) and non-secure (untrusted) components.

Extended Description

Modern SoCs pack many features but have a limited number of physical connections (pins). To overcome this, they use a technique called pin multiplexing, where a single pin can be configured for different functions at different times. Similarly, internal resources like memory buses or hardware accelerators are often shared across the chip. When these shared resources aren't rigorously isolated, an untrusted agent (like a low-privilege app or peripheral) can potentially access or interfere with resources reserved for trusted system functions, leading to data leaks or system compromise. For developers, this means security cannot rely solely on software boundaries; hardware-level isolation mechanisms must be correctly configured and audited. Managing these low-level configurations at scale across an entire product fleet is challenging. An ASPM platform like Plexicus can help by detecting such insecure hardware/software interactions and providing prioritized, actionable insights for remediation across your entire application stack.
Common Consequences 2
Scope: Access Control

Impact: Bypass Protection Mechanism

If resources being used by a trusted user are shared with an untrusted user, the untrusted user may be able to modify the functionality of the shared resource of the trusted user.

Scope: Integrity

Impact: Quality Degradation

The functionality of the shared resource may be intentionally degraded.
Detection Methods 1
Automated Dynamic AnalysisHigh
Pre-silicon / post-silicon: Test access to shared systems resources (memory ranges, control registers, etc.) from untrusted software to verify that the assets are not incorrectly exposed to untrusted agents. Note that access to shared resources can be dynamically allowed or revoked based on system flows. Security testing should cover such dynamic shared resource allocation and access control modification flows.
Potential Mitigations 1
Phase: Architecture and Design

Strategy: Separation of Privilege

When sharing resources, avoid mixing agents of varying trust levels. Untrusted agents should not share resources with trusted agents.
Demonstrative Examples 1
Consider the following SoC design. The Hardware Root of Trust (HRoT) local SRAM is memory mapped in the core{0-N} address space. The HRoT allows or disallows access to private memory ranges, thus allowing the sram to function as a mailbox for communication between untrusted and trusted HRoT partitions.
We assume that the threat is from malicious software in the untrusted domain. We assume this software has access to the core{0-N} memory map and can be running at any privilege level on the untrusted cores. The capability of this threat in this example is communication to and from the mailbox region of SRAM modulated by the hrot_iface. To address this threat, information must not enter or exit the shared region of SRAM through hrot_iface when in secure or privileged mode.
Observed Examples 2
CVE-2020-8698Processor has improper isolation of shared resources allowing for information disclosure.
CVE-2019-6260Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138].
References 2
Ghost in the PLC Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack
Ali Abbasi and Majid Hashemi
2016
https://www.blackhat.com/docs/eu-16/materials/eu-16-Abbasi-Ghost-In-The-PLC-Designing-An-Undetectable-Programmable-Logic-Controller-Rootkit-wp.pdf
ID: REF-1036
CVE-2019-6260: Gaining control of BMC from the host processor
Stewart Smith
2019
https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/(2025-07-29)
ID: REF-1138
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Technologies:
System on Chip : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Related Attack Patterns
Related Weaknesses
ChildOf: Improper Isolation or Compartmentalization (CWE-653)
ChildOf: Exposure of Resource to Wrong Sphere (CWE-668)
PeerOf: Improper Isolation of Shared Resources in Network On Chip (NoC) (CWE-1331)