Security Flow Issues
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to improper design of full-system security flows, including but not limited to secure boot, secure update, and hardware-device attestation.
Weaknesses
The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data fr...
The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.
The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient acc...
Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.
A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.
The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.
The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled.
Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.
Concepts
This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectiv...
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.