CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections

ID: CAPEC-679
Typical Severity: Very High
Likelihood Of Attack: Medium
Status: Draft

An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory.

Hardware product designs often need to implement memory protection features to prevent users from reading and modifying memory reserved for security operations such as secure booting, authenticating code, device attestation, and more. However, these protection features may be missing if not configured by developers. For example, this can occur if the developers assume these features are configured elsewhere. Additionally, developers often attempt to impose proper protection features, but may incorrectly configure these controls. One such example would be setting controls with insufficient granularity for protected address regions. If an adversary is able to discover improper access controls surrounding memory, it could result in the adversary obtaining sensitive data, executing code, circumventing security mechanisms, escalating privileges, or even denying service to higher privilege software.

https://capec.mitre.org/data/definitions/679.html
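
The configuration mistakes described above can be caught by auditing a region table before it is committed to hardware. The following is an added example, not part of the CAPEC entry: the region descriptor, flag names, sample tables and the 4 KiB lock granule are all assumptions for illustration and do not model any specific memory protection unit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical region descriptor; not any specific MPU's register layout. */
struct region {
    uint32_t base, size;         /* start address and length in bytes */
    unsigned prot, w, x, locked; /* prot: holds security-critical code/data */
};

enum { F_WX = 1, F_OVERLAP = 2, F_UNLOCKED = 4, F_GRANULE = 8 };

static int overlaps(const struct region *a, const struct region *b)
{
    /* 64-bit ends so a region reaching 0xFFFFFFFF does not wrap to 0 */
    uint64_t ae = (uint64_t)a->base + a->size, be = (uint64_t)b->base + b->size;
    return a->base < be && b->base < ae;
}

/* Returns a bitmask of findings. granule is the lock granularity in bytes
   (assumed nonzero). */
unsigned audit_regions(const struct region *t, size_t n, uint32_t granule)
{
    unsigned f = 0;
    for (size_t i = 0; i < n; i++) {
        if (t[i].w && t[i].x) f |= F_WX;        /* cf. CWE-1252 */
        if (!t[i].prot) continue;
        if (!t[i].locked) f |= F_UNLOCKED;      /* protection can be reprogrammed */
        if (t[i].base % granule || t[i].size % granule)
            f |= F_GRANULE;                     /* cf. CWE-1222: lock cannot match range */
        for (size_t j = 0; j < n; j++)
            if (!t[j].prot && overlaps(&t[i], &t[j]))
                f |= F_OVERLAP;                 /* cf. CWE-1260 */
    }
    return f;
}

/* Constructed sample tables: a weak configuration and its corrected form. */
static const struct region weak[] = {
    { 0x00000000, 0x1800, 1, 0, 1, 0 }, /* boot code: unlocked, 6 KiB on 4 KiB granule */
    { 0x00001000, 0x1000, 0, 1, 1, 0 }, /* user RAM: W+X and overlaps boot code */
};
static const struct region fixed[] = {
    { 0x00000000, 0x2000, 1, 0, 1, 1 }, /* granule-aligned, locked, not writable */
    { 0x00002000, 0x1000, 0, 1, 0, 0 }, /* writable but not executable, no overlap */
};

int main(void)
{
    printf("weak=0x%x fixed=0x%x\n", audit_regions(weak, 2, 0x1000),
           audit_regions(fixed, 2, 0x1000));
    return 0;
}
```

Running such a check at build time or early in boot, and refusing to proceed on any nonzero result, keeps a misaligned or overlapping table from ever being locked in.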

Weaknesses

ID | Name | Type
CWE-1222 | Insufficient Granularity of Address Regions Protected by Register Locks | weakness
CWE-1252 | CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations | weakness
CWE-1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | weakness
CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges | weakness
CWE-1274 | Improper Access Control for Volatile Memory Containing Boot Code | weakness
CWE-1282 | Assumed-Immutable Data is Stored in Writable Memory | weakness
CWE-1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall | weakness
CWE-1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges | weakness
CWE-1326 | Missing Immutable Root of Trust in Hardware | weakness