CWE-1209: Failure to Disable Reserved Bits
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not support any functional logic in the design. However, designers might covertly use these bits to debug or further develop new capabilities in production hardware. Adversaries with access to these bits will write to them in hopes of compromising hardware state.
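The weakness described above, modelled in C as an added example that is not part of the CWE entry: a hypothetical 8-bit control register whose write path leaves reserved bit 7 wired to leftover debug logic, next to a write path that drops reserved bits, and a validation sweep that reports which reserved bits still change device state. The register layout, the `debug_open` state and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: bits 0-1 are defined fields, bits 2-7 are reserved. */
#define CTRL_DEFINED_MASK  0x03u
#define CTRL_RESERVED_MASK ((uint8_t)~CTRL_DEFINED_MASK)

typedef struct {
    uint8_t ctrl;       /* value software reads back */
    int     debug_open; /* internal state that production parts must not expose */
} device_t;
typedef void (*write_fn)(device_t *, uint8_t);

/* Weak write path: readback looks clean, but reserved bit 7 still drives logic. */
static void write_ctrl_weak(device_t *d, uint8_t v) {
    d->ctrl = v & CTRL_DEFINED_MASK;
    d->debug_open = (v >> 7) & 1;
}

/* Corrected write path: reserved bits are dropped before any logic sees them. */
static void write_ctrl_masked(device_t *d, uint8_t v) {
    d->ctrl = v & CTRL_DEFINED_MASK;
    d->debug_open = 0; /* no reserved bit can drive this state */
}

/* Sweep: for each defined-field value, set one reserved bit at a time and
 * compare the full device state with a write that leaves that bit clear.
 * Returns a mask of reserved bits that still have an effect. */
static uint8_t live_reserved_bits(write_fn wr) {
    uint8_t live = 0;
    for (unsigned base = 0; base <= CTRL_DEFINED_MASK; base++) {
        device_t ref = {0, 0};
        wr(&ref, (uint8_t)base);
        for (unsigned bit = 0; bit < 8; bit++) {
            uint8_t m = (uint8_t)(1u << bit);
            if (!(m & CTRL_RESERVED_MASK)) continue;
            device_t dut = {0, 0};
            wr(&dut, (uint8_t)(base | m));
            if (dut.ctrl != ref.ctrl || dut.debug_open != ref.debug_open)
                live |= m;
        }
    }
    return live;
}

int main(void) {
    printf("weak:   live reserved bits = 0x%02x\n", live_reserved_bits(write_ctrl_weak));
    printf("masked: live reserved bits = 0x%02x\n", live_reserved_bits(write_ctrl_masked));
    return 0;
}
```

The weak path passes a readback-only check because `ctrl` reads back the same either way; the sweep catches it only because it compares internal state as well, which in a real design means checking at simulation or formal-verification level rather than from software alone.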
Common Consequences
Scope: Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation
Technical Impact: Varies by Context
Note: The impact of this weakness depends entirely on the capabilities of the logic being controlled or configured by the reserved bits.
Potential Mitigations
Phase: Architecture and Design; Implementation
Phase: Integration
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | The Designer and Implementer have to make a conscious choice to do this |
| Implementation | The Designer and Implementer have to make a conscious choice to do this |
| Documentation | If documentation labels anything "for future use", "reserved", or the like, such labeling could indicate to an attacker a potential attack point |