CWE-1312

Missing Protection for Mirrored Regions in On-Chip Fabric Firewall

AI Translation Available

The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.

Status

draft

Abstraction

base

Affected Platforms

Extended Description

AI Translation

Few fabrics mirror memory and address ranges, where mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If not, an attacker could bypass existing read/write protections by reading from/writing to the mirrored regions to leak or corrupt the original data.

Technical Details

AI Translation

Common Consequences

confidentiality integrity access control

Impacts

modify memory read memory bypass protection mechanism

Detection Methods

manual dynamic analysis

Potential Mitigations

Phases:

architecture and design implementation

Descriptions:

• The fabric firewall should apply the same protections as the original region to the mirrored regions.

AI Generated Translation

Common Consequences

riservatezza integrità controllo degli accessi

Impacts

modificare memoria leggere memoria elusione del meccanismo di protezione

Detection Methods

analisi dinamica manuale

Potential Mitigations

Phases:

architettura e design implementazione

Descriptions:

• Il firewall fabric dovrebbe applicare le stesse protezioni della regione originale alle regioni mirrorate.

CWE-1312

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter