Category: Peripherals, On-chip Fabric, and Interface/IO Problems
Draft
Summary
Weaknesses in this category are related to hardware security problems that apply to peripheral devices, IO interfaces, on-chip interconnects, network-on-chip (NoC), and buses. For example, this category includes issues related to design of hardware interconnect and/or protocols such as PCIe, USB, SMBUS, general-purpose IO pins, and user-input peripherals such as mouse and keyboard.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1311 | Improper Translation of Security Attributes by Fabric Bridge | This vulnerability occurs when a hardware bridge incorrectly converts security attributes between different fabric protocols, potentially changing a transaction's identity from trusted to untrusted or vice versa during protocol translation. |
| CWE-1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall | An on-chip fabric firewall fails to apply its security rules to mirrored memory or MMIO regions, only protecting the primary address range. This allows attackers to bypass read/write restrictions by targeting the unprotected mirrored copies. |
| CWE-1315 | Improper Setting of Bus Controlling Capability in Fabric End-point | This vulnerability occurs when a hardware fabric endpoint is incorrectly configured to grant bus controller privileges to a device that should only respond to requests. This allows an unauthorized device to initiate and control data transactions across the system bus. |
| CWE-1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges | This vulnerability occurs when a hardware fabric's address map incorrectly allows protected and unprotected memory regions to overlap. Attackers can exploit this overlap to bypass security controls and access restricted data or functions. |
| CWE-1317 | Improper Access Control in Fabric Bridge | This vulnerability occurs when a hardware fabric bridge, which connects different IP blocks on a chip, fails to properly verify access permissions for transactions passing through it. The bridge forwards requests without checking the master's privilege level or the hardware identity, effectively bypassing critical security controls. |
| CWE-1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) | This vulnerability occurs when a Network on Chip (NoC) fails to properly separate its internal, shared resources—like buffers, switches, and channels—between trusted and untrusted components. This lack of isolation creates a timing side-channel, allowing untrusted agents to potentially infer sensitive data from trusted ones. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.