Weaknesses in this category are related to features and mechanisms providing hardware-based isolation and access control (e.g., identity, policy, locking control) of sensitive shared hardware resources such as registers and fuses.

| ID | Name | Description |
|---|---|---|
| CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | This vulnerability occurs when a System-on-a-Chip (SoC) fails to properly separate shared hardware resources between secure (trusted) and non-secure (untrusted) components. |
| CWE-1192 | Improper Identifier for IP Block used in System-On-Chip (SOC) | This weakness occurs when a System-on-Chip (SoC) lacks a secure, unique, and permanent identifier for its internal hardware components (IP blocks). Without this, the system cannot reliably distinguish between different parts of the chip, leading to security and reliability failures. |
| CWE-1220 | Insufficient Granularity of Access Control | This vulnerability occurs when a system's access controls are too broad, allowing unauthorized users or processes to read or modify sensitive resources. Instead of implementing precise, fine-grained permissions, the security policy uses overly permissive rules that fail to properly restrict access to critical assets like configuration data, keys, or system registers. |
| CWE-1222 | Insufficient Granularity of Address Regions Protected by Register Locks | This vulnerability occurs when a hardware design uses a single lock bit to protect a large, coarse block of memory addresses. This lack of granularity creates a conflict: the system needs to lock critical configuration settings early for security, but software also needs to write to other parts of that same address region during normal operation, which the lock incorrectly prevents. |
| CWE-1242 | Inclusion of Undocumented Features or Chicken Bits | This vulnerability occurs when a hardware device or chip includes undocumented configuration bits (often called 'chicken bits') or hidden features that can disable security controls or enable privileged functions. |
| CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges | This vulnerability occurs when a system incorrectly allows different memory protection ranges to overlap. This flaw can let attackers bypass security controls and access restricted memory areas. |
| CWE-1262 | Improper Access Control for Register Interface | This vulnerability occurs when a system's hardware registers, which act as a software-to-hardware control panel, lack proper access restrictions. Malicious or flawed software can directly manipulate these registers, leading to unauthorized changes in hardware behavior. |
| CWE-1267 | Policy Uses Obsolete Encoding | This vulnerability occurs when a hardware system uses outdated or deprecated encoding methods to enforce security policies and access controls. |
| CWE-1268 | Policy Privileges are not Assigned Consistently Between Control and Data Agents | This vulnerability occurs when hardware access control policies are inconsistent, allowing an agent with control privileges to modify write permissions even when it shouldn't have direct write access. |
| CWE-1280 | Access Control Check Implemented After Asset is Accessed | This vulnerability occurs when a hardware-based security check runs after the protected resource has already been accessed, creating a dangerous timing window. |
| CWE-1294 | Insecure Security Identifier Mechanism | This vulnerability occurs when a System-on-Chip (SoC) implements a Security Identifier mechanism to control transaction permissions, but the implementation contains flaws that undermine its security. |
| CWE-1299 | Missing Protection Mechanism for Alternate Hardware Interface | This vulnerability occurs when a hardware component's security controls only protect the primary access path, leaving alternate interfaces unprotected. Attackers can bypass intended restrictions by accessing sensitive assets through these unguarded backdoors, such as shadow registers or other external-facing ports. |
| CWE-1302 | Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) | This vulnerability occurs when a System-On-Chip (SoC) component sends a transaction without its required security identifier. The destination hardware cannot properly verify permissions, leading to unintended access or system failure. |
| CWE-1303 | Non-Transparent Sharing of Microarchitectural Resources | This vulnerability occurs when a processor's internal performance features, like caches and branch predictors, are unintentionally shared between different software contexts. This breaks the expected isolation, allowing data to leak across security boundaries. |
| CWE-1314 | Missing Write Protection for Parametric Data Values | This vulnerability occurs when a hardware device fails to protect the scaling parameters used to convert raw sensor readings. Untrusted software can alter these conversion factors, making dangerous conditions appear safe and potentially leading to hardware damage or system failure. |
| CWE-1318 | Missing Support for Security Features in On-chip Fabrics or Buses | This vulnerability occurs when the communication channels (fabrics or buses) within a chip lack built-in or enabled security features, such as privilege separation or access controls, leaving data transfers unprotected. |
| CWE-1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy | This vulnerability occurs when an attacker without proper permissions can deliberately inject faults into a hardware system's backup components. This action disables the redundancy, forcing the system into a less secure, degraded state. |
| CWE-1420 | Exposure of Sensitive Information during Transient Execution | Transient execution vulnerabilities occur when a processor speculatively runs operations that don't officially commit, potentially leaking sensitive data through covert side channels like cache timing. |
| CWE-276 | Incorrect Default Permissions | This vulnerability occurs when software installation scripts set overly permissive file or directory access rights by default. Instead of restricting write access to authorized users or processes, the installation allows unintended actors to modify, delete, or corrupt critical application files. |
| CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | A confused deputy vulnerability occurs when a system receives a request from a client and forwards it to an external destination without properly identifying the original source. This makes the system appear to be the originator of the request, effectively turning it into an unintended proxy for the client. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |