CWE-1292: Incorrect Conversion of Security Identifiers
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can gain unauthorized access to the asset.
常见后果
影响范围: Confidentiality Integrity Availability Access Control
技术影响: Modify Memory Read Memory DoS: Resource Consumption (Other) Execute Unauthorized Code or Commands Gain Privileges or Assume Identity Quality Degradation
潜在缓解措施
阶段: Architecture and Design
描述: Security identifier decoders must be reviewed for design inconsistency and common weaknesses.
阶段: Implementation
描述: Access and programming flows must be tested in pre-silicon and post-silicon testing.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | Such issues could be introduced during hardware architecture and design, then identified later during Testing or System Configuration phases. |
| Implementation | Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases. |