CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels

Base Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.

常见后果

影响范围: Confidentiality

技术影响: Read Memory Read Application Data

潜在缓解措施

阶段: Architecture and Design

观察示例

参考: CVE-2017-5754

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

引入模式

阶段	说明
Architecture and Design	The weakness can be introduced in the data transfer or bus protocol itself or in the implementation.
Implementation	-

适用平台

编程语言

Not Language-Specific (Undetermined)

操作系统

Not OS-Specific (Undetermined)

技术

Not Technology-Specific (Undetermined)

关键信息

CWE ID: CWE-1264

抽象级别: Base

结构: Simple

状态: Incomplete

CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels

弱点描述

常见后果

潜在缓解措施

观察示例

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

相关攻击模式

CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels

弱点描述

常见后果

潜在缓解措施

观察示例

引入模式

适用平台

编程语言

操作系统

技术

关键信息

相关弱点

ChildOf CWE-821

PeerOf CWE-1037

相关攻击模式