CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types

CWE Individual Dictionary Definition (4.10)

CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code

Weakness ID: 1274
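Abstraction: Base
Structure: Simple
+Description
The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.
+Extended Description

Adversaries could bypass the secure-boot process and execute their own untrusted, malicious boot code.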

As a part of a secure-boot process, the read-only-memory (ROM) code for a System-on-Chip (SoC) or other system fetches bootloader code from Non-Volatile Memory (NVM) and stores the code in Volatile Memory (VM), such as dynamic, random-access memory (DRAM) or static, random-access memory (SRAM). The NVM is usually external to the SoC, while the VM is internal to the SoC. As the code is transferred from NVM to VM, it is authenticated by the SoC's ROM code.

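If the volatile-memory-region protections or access controls are insufficient to prevent modifications from an adversary or untrusted agent, the secure boot may be bypassed or replaced with the execution of an adversary's code.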

+Relationships
+Relevant to the view "Research Concepts" (CWE-1000)
Nature Type ID Name
ChildOf Pillar 284 Improper Access Control
+Relevant to the view "Hardware Design" (CWE-1194)
Nature Type ID Name
MemberOf Category 1196 Security Flow Issues
+Modes Of Introduction
Phase Note
Architecture and Design This weakness can be introduced during hardware architecture or design but can be identified later during testing.
+Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Operating Systems

Class: Not OS-Specific (Undetermined Prevalence)

Architectures

Class: Not Architecture-Specific (Undetermined Prevalence)

Technologies

Class: Not Technology-Specific (Undetermined Prevalence)

+Common Consequences
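Scope Impact Likelihood
Scope: Access Control, Integrity
Technical Impact: Modify Memory; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity
Likelihood: High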
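+Demonstrative Examples

Example 1

A typical SoC secure-boot flow includes fetching the next piece of code (i.e., the boot loader) from NVM (e.g., serial peripheral interface (SPI) flash) and transferring it to DRAM/SRAM volatile, internal memory, which is more efficient.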

(bad code)
The volatile-memory protections or access controls are insufficient.

The memory from which the boot loader executes can be modified by an adversary.

(good code)
A good architecture should define appropriate protections or access controls to prevent modification by an adversary or untrusted agent, once the bootloader is authenticated.
+Observed Examples
Reference Description
Locked memory regions may be modified through other interfaces in a secure-boot-loader image due to improper access control.
+Potential Mitigations

Phase: Architecture and Design

Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code.

Phase: Testing

Test the volatile-memory protections to ensure they are safe from modification or untrusted code.
+Weakness Ordinalities
Ordinality Description
Primary
(where the weakness exists independent of other weaknesses)
+Detection Methods

Manual Analysis

Ensure the volatile memory is lockable or has locks. Ensure the volatile memory is locked for writes from untrusted agents or adversaries. Try modifying the volatile memory from an untrusted agent, and ensure these writes are dropped.

Effectiveness: High

Manual Analysis

Analyze the device using the following steps:

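  1) Identify all fabric master agents that are active during system Boot Flow when initial code is loaded from Non-volatile storage to volatile memory.
  2) Identify the volatile memory regions that are used for storing the loaded system executable program.
  3) During system boot, test programming the memory regions identified in step 2 from all the masters identified in step 1.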

Only trusted masters should be allowed to write to the memory regions. For example, pluggable device peripherals should not have write access to program load memory regions.

Effectiveness: Moderate
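
The three analysis steps above, modeled as an added example that is not part of the CWE entry: a C audit over a constructed bus-firewall table that flags untrusted masters active during boot with write access to the bootloader's volatile region. The master names, addresses, rule format and the default-deny behavior for unmatched addresses are all hypothetical assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a bus firewall; every name, address and mask is hypothetical. */
typedef struct { const char *name; bool trusted; bool active_at_boot; } master_t;
typedef struct { uint64_t base, size; uint32_t write_mask; } rule_t; /* bit i: MASTERS[i] may write */

/* Step 1: fabric masters and whether they are active during the boot flow. */
static const master_t MASTERS[] = {
    { "boot_rom_cpu",    true,  true  },
    { "dma_engine",      false, true  },
    { "usb_device_ctrl", false, true  },
    { "debug_port",      false, false },
};
enum { N_MASTERS = sizeof MASTERS / sizeof MASTERS[0] };

/* Step 2: volatile region that receives the authenticated bootloader. */
static const uint64_t BOOT_BASE = 0x20000000u, BOOT_SIZE = 0x10000u;

/* Weak: one rule opens all of SRAM to the DMA engine and USB controller. */
static const rule_t WEAK[] = { { 0x20000000u, 0x40000u, 0x7u } };
/* Hardened: boot region writable only by the boot CPU; DMA gets the rest. */
static const rule_t HARDENED[] = {
    { 0x20000000u, 0x10000u, 0x1u },
    { 0x20010000u, 0x30000u, 0x3u },
};

/* Step 3: bitmask of untrusted, boot-active masters whose write permission
 * overlaps any byte of the boot region (unmatched addresses assumed denied). */
uint32_t audit_boot_region(const rule_t *rules, size_t n)
{
    uint32_t offenders = 0;
    for (size_t r = 0; r < n; r++) {
        bool overlap = rules[r].base < BOOT_BASE + BOOT_SIZE &&
                       BOOT_BASE < rules[r].base + rules[r].size;
        if (!overlap) continue;
        for (unsigned m = 0; m < (unsigned)N_MASTERS; m++)
            if (((rules[r].write_mask >> m) & 1u) &&
                !MASTERS[m].trusted && MASTERS[m].active_at_boot)
                offenders |= 1u << m;
    }
    return offenders;
}

int main(void)
{
    printf("weak: 0x%x hardened: 0x%x\n", audit_boot_region(WEAK, 1), audit_boot_region(HARDENED, 2));
    return 0;
}
```

A non-zero result names the masters (by bit position in `MASTERS`) whose writes to the boot region should be dropped per the first Manual Analysis method.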

+Memberships
Nature Type ID Name
MemberOf View 1343 Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
+Content History
+Submissions
Submission Date Submitter Organization
2020-04-25 Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi Intel Corporation
+Contributions
Contribution Date Contributor Organization
2021-10-20 Narasimha Kumar V Mangipudi Lattice Semiconductor
suggested content improvements
2021-10-22 Hareesh Khattri Intel Corporation
provided detection methods
+Modifications
Modification Date Modifier Organization
2020-08-20 CWE Content Team MITRE
updated Demonstrative_Examples, Description, Related_Attack_Patterns
2021-10-28 CWE Content Team MITRE
updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities
2022-04-28 CWE Content Team MITRE
updated Related_Attack_Patterns
2023-01-31 CWE Content Team MITRE
updated Related_Attack_Patterns
+Previous Entry Names
Change Date Previous Entry Name
2021-10-28 Insufficient Protections on the Volatile Memory Containing Boot Code
Page Last Updated: January 31, 2023