1. Home
  2. Weaknesses
  3. CWE-1281

CWE-1281: Sequence of Processor Instructions Leads to Unexpected Behavior

ID CWE-1281
Abstraction Base
Structure Simple
Status Incomplete
Number of CVEs 2
Detail CAPEC Dashboard Vulnerabilities Web & Social
Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset performed.

If the instruction set architecture (ISA) and processor logic are not designed carefully and tested thoroughly, certain combinations of instructions may lead to locking the processor or other unexpected and undesirable behavior. Upon encountering unimplemented instruction opcodes or illegal instruction operands, the processor should throw an exception and carry on without negatively impacting security. However, specific combinations of legal and illegal instructions may cause unexpected behavior with security implications such as allowing unprivileged programs to completely lock the CPU.

Modes of Introduction

Phase Note
Architecture and Design Unexpected behavior from certain instruction combinations can arise from bugs in the ISA
Implementation Unexpected behavior from certain instruction combinations can arise because of implementation details such as speculative execution, caching etc.

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific
Operating_system Not OS-Specific
Architecture Not Architecture-Specific
Technology Not Technology-Specific
Technology Processor Hardware

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-691 Insufficient Control Flow Management Pillar Simple Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-212 Functionality Misuse CWE-1281

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date