logo

Improper Handling of Single Event Upsets

Draft Base
Structure: Simple
Description

This vulnerability occurs when hardware logic fails to properly manage single-event upsets (SEUs), which are temporary bit flips caused by environmental factors.

Extended Description

Modern hardware is becoming more vulnerable to temporary errors called single-event upsets (SEUs). These random bit flips are caused by internal factors like electrical interference or external sources like cosmic radiation. Unlike permanent hardware faults, SEUs are transient but can have serious security consequences if they affect critical system components. When an SEU occurs in a security-sensitive module—such as a privilege manager or cryptographic engine—it can bypass critical protections. For example, a single bit flip might incorrectly elevate a user's privileges or corrupt cryptographic keys. Developers must design hardware logic with detection and correction mechanisms, like parity checks or error-correcting code (ECC) memory, to prevent these temporary failures from compromising system security.
Common Consequences 1
Scope: AvailabilityAccess Control

Impact: DoS: Crash, Exit, or RestartDoS: InstabilityGain Privileges or Assume IdentityBypass Protection Mechanism
Potential Mitigations 2
Phase: Architecture and Design
Implement triple-modular redundancy around security-sensitive modules.
Phase: Architecture and Design
SEUs mostly affect SRAMs. For SRAMs storing security-critical data, implement Error-Correcting-Codes (ECC) and Address Interleaving.
Demonstrative Examples 2
This is an example from [REF-1089]. See the reference for full details of this issue.
Parity is error detecting but not error correcting.

Code Example:

Bad
Other

Due to single-event upsets, bits are flipped in memories. As a result, memory-parity checks fail, which results in restart and a temporary denial of service of two to three minutes.

Code Example:

Good
Other

Using error-correcting codes could have avoided the restart caused by SEUs.

In 2016, a security researcher, who was also a patient using a pacemaker, was on an airplane when a bit flip occurred in the pacemaker, likely due to the higher prevalence of cosmic radiation at such heights. The pacemaker was designed to account for bit flips and went into a default safe mode, which still forced the patient to go to a hospital to get it reset. The bit flip also inadvertently enabled the researcher to access the crash file, perform reverse engineering, and detect a hard-coded key. [REF-1101]
References 7
Single Event Upset: An Embedded Tutorial
Fan Wang and Vishwani D. Agrawal
https://www.eng.auburn.edu/~agrawvd/TALKS/tutorial_6pg.pdf
ID: REF-1086
Single Event Upsets in Implantable Cardioverter Defibrillators
P. D. Bradley and E. Normand
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=736549&tag=1(2023-04-07)
ID: REF-1087
Single Event Effects in FPGA Devices 2015-2016
Melanie Berg, Kenneth LaBel, and Jonathan Pellish
https://ntrs.nasa.gov/search.jsp?R=20160007754
ID: REF-1088
Cisco 12000 Single Event Upset Failures Overview and Work Around Summary
Cisco
https://www.cisco.com/c/en/us/support/docs/field-notices/200/fn25994.html
ID: REF-1089
Different Ways to Mitigate Soft Errors in Asynchronous SRAMs - KBA90939
Cypress
https://community.infineon.com/t5/Knowledge-Base-Articles/Different-Ways-to-Mitigate-Soft-Errors-in-Asynchronous-SRAMs-KBA90939/ta-p/257944(2023-04-07)
ID: REF-1090
Cosmic particles can change elections and cause plans to fall through the sky, scientists warn
Ian Johnston
https://www.independent.co.uk/news/science/subatomic-particles-cosmic-rays-computers-change-elections-planes-autopilot-a7584616.html
ID: REF-1091
The Hard-coded Key to my Heart - Hacking a Pacemaker Programmer
Anders B. Wilhelmsen, Eivind S. Kristiansen, and Marie Moe
10-08-2019
https://anderbw.github.io/2019-08-10-DC27-Biohacking-pacemaker-programmer.pdf
ID: REF-1101
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Technologies:
Not Technology-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Related Weaknesses
ChildOf: Improper Handling of Physical or Environmental Conditions (CWE-1384)
PeerOf: Incorrect Comparison Logic Granularity (CWE-1254)