CWE-1312: Missing Protection for Mirrored Regions in On-Chip Fabric Firewall

ID CWE-1312

Abstraction Base

Structure Simple

Status Draft

The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.

Few fabrics mirror memory and address ranges, where mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If not, an attacker could bypass existing read/write protections by reading from/writing to the mirrored regions to leak or corrupt the original data.

Modes of Introduction

Phase	Note
Architecture and Design
Implementation

Applicable Platforms

Type	Class	Name	Prevalence
Language	Not Language-Specific
Operating_system	Not OS-Specific
Architecture	Not Architecture-Specific
Technology	Not Technology-Specific

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-284	Improper Access Control	Pillar	Simple	Incomplete
CWE-1194	Hardware Design	Draft	CWE-1251	Mirrored Regions with Different Values	Base	Simple	Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org

# ID	Name	Weaknesses
CAPEC-456	Infected Memory	CWE-1312
CAPEC-679	Exploitation of Improperly Configured or Implemented Memory Protections	CWE-1312