Privilege Separation and Access Control Issues
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to features and mechanisms providing hardware-based isolation and access control (e.g., identity, policy, locking control) of sensitive shared hardware resources such as registers and fuses.
A product's hardware-based access control check occurs after the asset has been accessed.
The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.
The product allows address regions to overlap, which can result in the bypassing of intended memory protection.
The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.
The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
During installation, installed file permissions are set to allow anyone to modify those files.
The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entit...
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system fro...
The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional require...
The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external ...
The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transact...
On-chip fabrics or buses either do not support or are not configured to support privilege separation or other security features, such as access control.
The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and...
Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.
The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.
The product uses an obsolete encoding mechanism to implement access controls.
The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components.
An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.
The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request bef...
This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectiv...