CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design | |
Implementation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific | ||
Technology | System on Chip |
Relationships
View | Weakness | |||||||
---|---|---|---|---|---|---|---|---|
# ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
CWE-1000 | Research Concepts | Draft | CWE-653 | Improper Isolation or Compartmentalization | Class | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-668 | Exposure of Resource to Wrong Sphere | Class | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) | Base | Simple | Stable |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.orgCVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |