CWE-1037: Processor Optimization Removal or Modification of Security-critical Code

ID CWE-1037

Abstraction Base

Structure Simple

Status Incomplete

The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.

Modes of Introduction

Phase	Note
Architecture and Design	Optimizations built into the design of the processor can have unintended consequences during the execution of an application.

Applicable Platforms

Type	Class	Name	Prevalence
Language	Not Language-Specific
Technology		Processor Hardware

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-1038	Insecure Automated Optimizations	Class	Simple	Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org

# ID	Name	Weaknesses
CAPEC-663	Exploitation of Transient Instruction Execution	CWE-1037