CWE-1290: Incorrect Decoding of Security Identifiers
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can now gain unauthorized access to the asset.
常见后果
影响范围: Confidentiality Integrity Availability Access Control
技术影响: Modify Memory Read Memory DoS: Resource Consumption (Other) Execute Unauthorized Code or Commands Gain Privileges or Assume Identity Quality Degradation
潜在缓解措施
阶段: Architecture and Design
描述: Security identifier decoders must be reviewed for design consistency and common weaknesses.
阶段: Implementation
描述: Access and programming flows must be tested in pre-silicon and post-silicon testing in order to check for this weakness.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
| Architecture and Design | - |