CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations

Status: Incomplete
Abstraction: Base
Structure: Simple
Description

This weakness occurs when a CPU lacks, or is not configured to use, a hardware mechanism that keeps a memory region from being both writable and executable. Without that protection, an attacker who can write to memory can place code there and then redirect execution into it.

Extended Description

Modern processors include a dedicated hardware mechanism, typically a per-page or per-region permission bit (an NX/XN bit) enforced by a Memory Management Unit (MMU) or Memory Protection Unit (MPU), that lets the operating system or firmware designate a memory region as either code (executable but not writable) or data (writable but not executable). This hardware-enforced exclusivity, often called W^X, is a foundational security feature that operating systems rely on to stop injected data from being run as code. If the feature is missing, disabled, or misconfigured, as is common in some embedded systems and in CPUs without an MMU or MPU, the barrier between data and code disappears. An attacker who obtains a write into memory (for example through a buffer overflow) can place instructions there and then force the CPU to execute them, bypassing the protections the software stack assumes are in place, since no software-only check can substitute for the missing hardware enforcement.

Common Consequences
Scope: Confidentiality, Integrity

Impact: Execute Unauthorized Code or Commands

Potential Mitigations
Phase: Architecture and Design
Implement a dedicated bit (NX/XN) that the operating system can use to mark data areas as non-executable. If the CPU does not provide such a bit, implement an MMU or MPU (memory management unit / memory protection unit) that can apply per-region execute permissions.
Phase: Integration
If neither an MMU nor an MPU is available, implement firewalls in the SoC interconnect that mimic write/execute exclusivity, for example by rejecting instruction fetches from address ranges designated as writable data.
Demonstrative Examples
The MCS51 microcontroller (based on the 8051) has no special bit to support write exclusivity and no MMU/MPU. The Cortex-M CPU has an optional MPU that supports up to 8 regions, each of which can be marked execute-never.

Code Example:

(bad code) Example Language: Other
If the MPU is not configured, an attacker who can write to RAM can inject malicious code as data and then execute it.
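The following is an added example, not part of the CWE entry or any vendor's code, showing what "configuring the MPU" means on an ARMv7-M core (Cortex-M3/M4/M7, the class with the 8-region MPU mentioned above). It encodes the MPU region registers for a constructed memory map (a hypothetical part with 1 MiB of flash at 0x08000000 and 128 KiB of SRAM at 0x20000000), puts the weak configuration (SRAM writable and executable) beside the hardened one (SRAM marked XN, flash read-only), and audits a region table for any region that is both writable and executable. Register field layouts and addresses follow the ARMv7-M Architecture Reference Manual; the ARMv8-M MPU (Cortex-M23/M33) uses a different encoding and is not covered. The hardware write-back is compiled only on an ARMv7-M target, so on a host only the encoding and audit logic runs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ARMv7-M MPU_RASR bit fields (Cortex-M3/M4/M7). */
#define RASR_ENABLE   (1u << 0)
#define RASR_SIZE(n)  (((uint32_t)(n) & 0x1Fu) << 1)   /* region bytes = 2^(n+1) */
#define RASR_C        (1u << 17)                       /* cacheable (normal memory) */
#define RASR_AP(a)    (((uint32_t)(a) & 0x7u) << 24)   /* access permissions */
#define RASR_XN       (1u << 28)                       /* eXecute Never */

/* AP field encodings: privileged access / unprivileged access. */
enum { AP_NONE = 0, AP_PRIV_RW = 1, AP_PRIV_RW_USER_RO = 2, AP_FULL_RW = 3,
       AP_PRIV_RO = 5, AP_FULL_RO = 6 };

struct mpu_region {
    const char *name;
    uint32_t base;       /* must be a multiple of the region size */
    uint32_t size_log2;  /* region size = 2^size_log2 bytes; minimum is 32 (5) */
    uint32_t rasr;       /* value to write to MPU_RASR */
};

/* MPU_RBAR: base address plus VALID bit, with the region number in bits 3:0. */
static uint32_t mpu_rbar(uint32_t base, uint32_t region) {
    return (base & ~0x1Fu) | (1u << 4) | (region & 0xFu);
}

/* MPU_RASR for a normal, cacheable region with the given permissions. */
static uint32_t mpu_rasr(uint32_t size_log2, uint32_t ap, bool xn) {
    uint32_t v = RASR_ENABLE | RASR_SIZE(size_log2 - 1) | RASR_AP(ap) | RASR_C;
    return xn ? (v | RASR_XN) : v;
}

/* ARMv7-M regions must be naturally aligned to their size. */
static bool region_aligned(uint32_t base, uint32_t size_log2) {
    return size_log2 >= 5 && size_log2 <= 32 &&
           (base & ((1ull << size_log2) - 1)) == 0;
}

/* Decode the permission bits back out of a RASR value. */
static bool rasr_writable(uint32_t rasr) {
    uint32_t ap = (rasr >> 24) & 0x7u;
    return ap == AP_PRIV_RW || ap == AP_PRIV_RW_USER_RO || ap == AP_FULL_RW;
}
static bool rasr_executable(uint32_t rasr) { return (rasr & RASR_XN) == 0; }

/* The CWE-1252 condition: an enabled region that is both writable and executable.
 * Returns the index of the first such region, or -1 if the table is W^X clean. */
static int find_wx_violation(const struct mpu_region *r, size_t n) {
    for (size_t i = 0; i < n; i++)
        if ((r[i].rasr & RASR_ENABLE) && rasr_writable(r[i].rasr) && rasr_executable(r[i].rasr))
            return (int)i;
    return -1;
}

/* Constructed memory map for a hypothetical Cortex-M4 part:
 * 1 MiB flash at 0x08000000 (2^20), 128 KiB SRAM at 0x20000000 (2^17). */
#define FLASH_BASE 0x08000000u
#define SRAM_BASE  0x20000000u

/* Weak: SRAM is read/write and still executable, so data written into it can be jumped to. */
static size_t build_bad_layout(struct mpu_region out[2]) {
    out[0] = (struct mpu_region){ "flash", FLASH_BASE, 20, mpu_rasr(20, AP_FULL_RO, false) };
    out[1] = (struct mpu_region){ "sram",  SRAM_BASE,  17, mpu_rasr(17, AP_FULL_RW, false) };
    return 2;
}

/* Hardened: flash executable but read-only, SRAM read/write but execute-never. */
static size_t build_good_layout(struct mpu_region out[2]) {
    out[0] = (struct mpu_region){ "flash", FLASH_BASE, 20, mpu_rasr(20, AP_FULL_RO, false) };
    out[1] = (struct mpu_region){ "sram",  SRAM_BASE,  17, mpu_rasr(17, AP_FULL_RW, true) };
    return 2;
}

static int audit_bad_layout(void) {
    struct mpu_region r[2];
    size_t n = build_bad_layout(r);
    return find_wx_violation(r, n);
}
static int audit_good_layout(void) {
    struct mpu_region r[2];
    size_t n = build_good_layout(r);
    return find_wx_violation(r, n);
}

#if defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7EM__)
/* Only on a real ARMv7-M target: program the regions and enable the MPU with
 * PRIVDEFENA set so privileged code keeps the default map for unlisted addresses. */
#define MPU_CTRL (*(volatile uint32_t *)0xE000ED94u)
#define MPU_RBAR (*(volatile uint32_t *)0xE000ED9Cu)
#define MPU_RASR (*(volatile uint32_t *)0xE000EDA0u)
static void mpu_apply(const struct mpu_region *r, size_t n) {
    MPU_CTRL = 0;                               /* disable while reprogramming */
    for (size_t i = 0; i < n; i++) {
        MPU_RBAR = mpu_rbar(r[i].base, (uint32_t)i);
        MPU_RASR = r[i].rasr;
    }
    MPU_CTRL = (1u << 2) | (1u << 0);           /* PRIVDEFENA | ENABLE */
    __asm volatile("dsb\n\tisb" ::: "memory");  /* make the new map take effect */
}
#endif

int main(void) {
    struct mpu_region r[2];
    size_t n = build_good_layout(r);
    for (size_t i = 0; i < n; i++)
        if (!region_aligned(r[i].base, r[i].size_log2))
            printf("%s: base not aligned to region size\n", r[i].name);
    printf("weak layout: region %d is writable+executable\n", audit_bad_layout());
    printf("hardened layout: %s\n", audit_good_layout() < 0 ? "W^X clean" : "violation");
    return 0;
}
```

On a target, `mpu_apply` is called with the hardened table early in reset handling, before any untrusted input is processed; the audit can run on the host at build or test time so that a table change which reintroduces a writable, executable region fails before it reaches hardware. Note that with PRIVDEFENA set, addresses not covered by any region remain accessible to privileged code under the default memory map, so the table must cover every RAM range, not just the ones the firmware knows about. An 8051-class part, as the entry above notes, offers no equivalent register to program.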
Applicable Platforms
Languages:
Not Language-Specific (Undetermined Prevalence)
Technologies:
Microcontroller Hardware (Undetermined Prevalence)
Processor Hardware (Undetermined Prevalence)
Modes of Introduction
Architecture and Design
Related Attack Patterns
Related Weaknesses