CWE-1268

Policy Privileges are not Assigned Consistently Between Control and Data Agents
AI Translation Available

The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.

Status
draft
Abstraction
base

Integrated circuits and hardware engines may provide access to resources (device-configuration, encryption keys, etc.) belonging to trusted firmware or software modules (commonly set by a BIOS or a bootloader). These accesses are typically controlled and limited by the hardware. Hardware design access control is sometimes implemented using a policy. A policy defines which entity or agent may or may not be allowed to perform an action. When a system implements multiple levels of policies, a control policy may allow direct access to a resource as well as changes to the policies themselves.

Resources that include agents in their control policy but not in their write policy could unintentionally allow an untrusted agent to insert itself in the write policy register. Inclusion in the write policy register could allow a malicious or misbehaving agent write access to resources. This action could result in security compromises including leaked information, leaked encryption keys, or modification of device configuration.

Common Consequences

confidentiality integrity availability access control
Impacts
modify memory read memory dos: crash, exit, or restart execute unauthorized code or commands gain privileges or assume identity bypass protection mechanism read files or directories reduce reliability

Potential Mitigations

Phases:
architecture and design implementation
Descriptions:
• Access-control-policy definition and programming flow must be sufficiently tested in pre-silicon and post-silicon testing.