CWE-1037: Processor Optimization Removal or Modification of Security-critical Code
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.
常见后果
影响范围: Integrity
技术影响: Bypass Protection Mechanism
说明: A successful exploitation of this weakness will change the order of an application's execution and will likely be used to bypass specific protection mechanisms. This bypass can be exploited further to potentially read data that should otherwise be unaccessible.
检测方法
方法: White Box
In theory this weakness can be detected through the use of white box testing techniques where specifically crafted test cases are used in conjunction with debuggers to verify the order of statements being executed.
有效性: Opportunistic
观察示例
参考: CVE-2017-5715
Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre".
参考: CVE-2017-5753
Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre".
参考: CVE-2017-5754
Intel processor optimizations related to speculative execution cause access control checks to be bypassed when placing data into the cache. Often known as "Meltdown".
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | Optimizations built into the design of the processor can have unintended consequences during the execution of an application. |