CWE-1223: Race Condition for Write-Once Attributes
CWE Version: 4.18
Last updated: 2025-09-09
Weakness Description
A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue.
Common Consequences
Scope: Access Control
Technical Impact: Bypass Protection Mechanism
Note: System configuration cannot be programmed in a secure way.
Potential Mitigations
Phase: Architecture and Design
Description: During hardware design, all register write-once or sticky fields must be evaluated for proper configuration.
Phase: Testing
Description: The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.
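The two checks named in the Testing mitigation can be automated against a behavioural model of the register. The following is an added example, not part of the CWE entry: the `wo_reg` model, its `flawed` switch (lock set only by a nonzero write) and the test values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Behavioural model of a write-once register (hypothetical, not real RTL). */
typedef struct {
    uint16_t value;
    bool locked;        /* sticky until the next reset */
    bool flawed;        /* true: lock is set only by a nonzero write */
} wo_reg;

static void wo_reset(wo_reg *r, bool flawed) {
    r->value = 0;
    r->locked = false;
    r->flawed = flawed;
}

/* Returns true when the write was accepted, false when the lock rejected it. */
static bool wo_write(wo_reg *r, uint16_t data) {
    if (r->locked) return false;
    r->value = data;
    r->locked = r->flawed ? (data != 0) : true;  /* correct: any write locks */
    return true;
}

enum { WO_PASS = 0, WO_FAIL_REPROGRAM = 1, WO_FAIL_ZERO_LOCK = 2 };

/* Runs both checks from the Testing mitigation; returns a bitmask of failures. */
static int wo_check(bool flawed) {
    wo_reg r;
    int failures = WO_PASS;

    /* Check 1: after a first write, a second write must not change the value. */
    wo_reset(&r, flawed);
    wo_write(&r, 0x00A5);                       /* constructed test value */
    if (wo_write(&r, 0xFFFF) || r.value != 0x00A5) failures |= WO_FAIL_REPROGRAM;

    /* Check 2: a first write of all zeros must also set the lock. */
    wo_reset(&r, flawed);
    wo_write(&r, 0x0000);
    if (wo_write(&r, 0xFFFF) || r.value != 0x0000) failures |= WO_FAIL_ZERO_LOCK;

    return failures;
}

int main(void) {
    printf("lock on any write:     failures=%d\n", wo_check(false));
    printf("lock on nonzero write: failures=%d\n", wo_check(true));
    return 0;
}
```

The flawed variant passes the reprogramming check and fails only the zero-write check, which is why the mitigation calls out writing zeros as a separate test.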
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | This weakness can appear in designs that use register write-once attributes with two or more software/firmware modules with varying levels of trust executing in parallel. |