1. Home
  2. Weaknesses
  3. CWE-1189

CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

ID CWE-1189
Abstraction Base
Structure Simple
Status Stable
Number of CVEs 2
Detail CAPEC Dashboard Vulnerabilities Web & Social
The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.

A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents.

Modes of Introduction

Phase Note
Architecture and Design
Implementation

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific
Technology System on Chip

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-653 Improper Isolation or Compartmentalization Class Simple Draft
CWE-1000 Research Concepts Draft CWE-668 Exposure of Resource to Wrong Sphere Class Simple Draft
CWE-1000 Research Concepts Draft CWE-1331 Improper Isolation of Shared Resources in Network On Chip (NoC) Base Simple Stable

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-124 Shared Resource Manipulation CWE-1189

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date