CWE-1243

Sensitive Non-Volatile Information Not Protected During Debug

AI Translation Available

Access to security-sensitive information stored in fuses is not limited during debug.

Status

incomplete

Abstraction

base

Affected Platforms

Extended Description

AI Translation

Several security-sensitive values are programmed into fuses to be used during early-boot flows or later at runtime. Examples of these security-sensitive values include root keys, encryption keys, manufacturing-specific information, chip-manufacturer-specific information, and original-equipment-manufacturer (OEM) data. After the chip is powered on, these values are sensed from fuses and stored in temporary locations such as registers and local memories. These locations are typically access-control protected from untrusted agents capable of accessing them. Even to trusted agents, only read-access is provided.

Technical Details

AI Translation

Common Consequences

confidentiality access control

Impacts

modify memory read memory bypass protection mechanism

Potential Mitigations

Phases:

architecture and design implementation

Descriptions:

• Disable access to security-sensitive information stored in fuses directly and also reflected from temporary storage locations when in debug mode.

AI Generated Translation

Common Consequences

riservatezza controllo degli accessi

Impacts

modificare memoria leggere memoria elusione del meccanismo di protezione

Potential Mitigations

Phases:

architettura e design implementazione

Descriptions:

• Disabilitare l'accesso alle informazioni sensibili alla sicurezza memorizzate direttamente nei fuse e anche riflesse da posizioni di memoria temporanee quando si è in modalità debug.

CWE-1243

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter