Hardware Logic with Insecure De-Synchronization between Control and Data Channels

Incomplete Base

Structure: Simple

Description

This vulnerability occurs when a hardware design incorrectly forwards data before its security or permission checks have finished processing. It's a timing flaw where the data channel gets ahead of the control channel, potentially leaking information.

Extended Description

Modern hardware often uses separate control and data channels to boost performance. A bug in the logic that manages errors and security can allow data to 'race ahead' and be used or observed before the system confirms it's safe to do so. This desynchronization creates a critical window where unauthorized data access can happen. The real-world impact is a loss of data confidentiality, as seen in exploits like Meltdown. In that case, a CPU speculatively loaded privileged data for performance, assuming it could clean up all traces if the access was later deemed illegal. However, secret data remained in the microarchitectural state, proving that assumption false and allowing attackers to retrieve it.

Common Consequences 1

Scope: Confidentiality

Impact: Read MemoryRead Application Data

Potential Mitigations 1

Phase: Architecture and Design

Thoroughly verify the data routing logic to ensure that any error handling or security checks effectively block illegal dataflows.

Demonstrative Examples 1

There are several standard on-chip bus protocols used in modern SoCs to allow communication between components. There are a wide variety of commercially available hardware IP implementing the interconnect logic for these protocols. A bus connects components which initiate/request communications such as processors and DMA controllers (bus masters) with peripherals which respond to requests. In a typical system, the privilege level or security designation of the bus master along with the intended functionality of each peripheral determine the security policy specifying which specific bus masters can access specific peripherals. This security policy (commonly referred to as a bus firewall) can be enforced using separate IP/logic from the actual interconnect responsible for the data routing.

Code Example:

Bad

Other

The firewall and data routing logic becomes de-synchronized due to a hardware logic bug allowing components that should not be allowed to communicate to share data. For example, consider an SoC with two processors. One is being used as a root of trust and can access a cryptographic key storage peripheral. The other processor (application cpu) may run potentially untrusted code and should not access the key store. If the application cpu can issue a read request to the key store which is not blocked due to de-synchronization of data routing and the bus firewall, disclosure of cryptographic keys is possible.

Code Example:

Good

Other

All data is correctly buffered inside the interconnect until the firewall has determined that the endpoint is allowed to receive the data.

Observed Examples 1

CVE-2017-5754Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Technologies:

Not Technology-Specific : Undetermined

Modes of Introduction

Architecture and Design

Implementation

Related Attack Patterns

Related Weaknesses

ChildOf:

Incorrect Synchronization (CWE-821)

PeerOf:

Processor Optimization Removal or Modification of Security-critical Code (CWE-1037)

Notes

MaintenanceAs of CWE 4.9, members of the CWE Hardware SIG are closely analyzing this entry and others to improve CWE's coverage of transient execution weaknesses, which include issues related to Spectre, Meltdown, and other attacks. Additional investigation may include other weaknesses related to microarchitectural state. As a result, this entry might change significantly in CWE 4.10.