CWE-1038: Insecure Automated Optimizations

Class Draft Simple

CWE Version: 4.18

Last Updated: 2025-09-09

Weakness Description

The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.

Common Consequences

Scope: Integrity

Technical Impact: Alter Execution Logic

Note: The optimizations alter the order of execution resulting in side effects that were not intended by the original developer.

Observed Examples

Reference: CVE-2017-5715

Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre".

Reference: CVE-2008-1685

C compiler optimization, as allowed by specifications, removes code that is used to perform checks to detect integer overflows.
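
The class of problem described for the compiler case, as an added example (not taken from the CWE entry or from any affected product): an overflow check written after the addition relies on undefined behaviour and may be deleted by the optimizer, while a check on the operands before the addition cannot be. The function names and sample inputs are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Fragile form (hypothetical name). Signed overflow is undefined behaviour
 * in C, so the optimizer may assume a + b never wraps. Under that assumption
 * both tests below are always false and may be removed as dead code. */
bool add_checked_fragile(int a, int b, int *out)
{
    int sum = a + b;           /* undefined if the true result overflows */
    if (b >= 0 && sum < a)     /* post-hoc check the compiler may delete */
        return false;
    if (b < 0 && sum > a)      /* same problem for the negative direction */
        return false;
    *out = sum;
    return true;
}

/* Robust form (hypothetical name). The operands are compared against the
 * type limits first, so no overflowing expression is ever evaluated and the
 * check does not depend on what the optimizer is allowed to assume. */
bool add_checked(int a, int b, int *out)
{
    if (b > 0 && a > INT_MAX - b)   /* would exceed INT_MAX */
        return false;
    if (b < 0 && a < INT_MIN - b)   /* would fall below INT_MIN */
        return false;
    *out = a + b;
    return true;
}

int main(void)
{
    int r = 0;
    /* Constructed inputs: one overflowing pair, one ordinary pair. */
    printf("INT_MAX + 1 accepted: %d\n", add_checked(INT_MAX, 1, &r));
    printf("40 + 2 accepted: %d, result %d\n", add_checked(40, 2, &r), r);
    return 0;
}
```

Comparing the generated code for both functions at different optimization levels is a practical way to confirm whether a given compiler keeps the post-hoc check.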

Modes of Introduction

Phase: Architecture and Design

Note: Optimizations built into the design of a product can have unintended consequences during execution.

Applicable Platforms

Programming Languages: Not Language-Specific (Undetermined)

Key Information

CWE ID: CWE-1038

Abstraction: Class

Structure: Simple

Status: Draft

Likelihood of Exploit: Low

Related Weaknesses