CWE-1316

Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges

AI Translation Available

The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region.

Status

draft

Abstraction

base

Affected Platforms

Bus/Interface Hardware Not Technology-Specific

Extended Description

AI Translation

Various ranges can be defined in the system-address map, either in the memory or in Memory-Mapped-IO (MMIO) space. These ranges are usually defined using special range registers that contain information, such as base address and size. Address decoding is the process of determining for which range the incoming transaction is destined. To ensure isolation, ranges containing secret data are access-control protected.

Occasionally, these ranges could overlap. The overlap could either be intentional (e.g. due to a limited number of range registers or limited choice in choosing size of the range) or unintentional (e.g. introduced by errors). Some hardware designs allow dynamic remapping of address ranges assigned to peripheral MMIO ranges. In such designs, intentional address overlaps can be created through misconfiguration by malicious software. When protected and unprotected ranges overlap, an attacker could send a transaction and potentially compromise the protections in place, violating the principle of least privilege.

Technical Details

AI Translation

Common Consequences

confidentiality integrity access control authorization

Impacts

bypass protection mechanism read memory modify memory

Detection Methods

automated dynamic analysis manual static analysis

Potential Mitigations

Phases:

architecture and design implementation testing

Descriptions:

• Ranges configured by firmware should not overlap. If overlaps are mandatory because of constraints such as a limited number of registers, then ensure that no assets are present in the overlapped portion.

• When architecting the address map of the chip, ensure that protected and unprotected ranges are isolated and do not overlap. When designing, ensure that ranges hardcoded in Register-Transfer Level (RTL) do not overlap.

• Validate mitigation actions with robust testing.

AI Generated Translation

Common Consequences

riservatezza integrità controllo degli accessi autorizzazione

Impacts

elusione del meccanismo di protezione leggere memoria modificare memoria

Detection Methods

analisi dinamica automatizzata analisi statica manuale

Potential Mitigations

Phases:

architettura e design implementazione verifica

Descriptions:

• Gli intervalli configurati dal firmware non dovrebbero sovrapporsi. Se le sovrapposizioni sono obbligatorie a causa di vincoli come un numero limitato di registri, assicurarsi che nessun asset sia presente nella porzione sovrapposta.

• Quando si progetta la mappa degli indirizzi del chip, assicurarsi che gli intervalli protetti e non protetti siano isolati e non si sovrappongano. Durante la progettazione, garantire che gli intervalli codificati staticamente a livello Register-Transfer Level (RTL) non si sovrappongano.

• Convalida le azioni di mitigazione con test approfonditi.

CWE-1316

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter