CWE-1300: Improper Protection of Physical Side Channels

参考: CVE-2022-35888

Power side-channels leak secret information from processor

参考: CVE-2021-3011

electromagnetic-wave side-channel in security-related microcontrollers allows extraction of private key

参考: CVE-2019-14353

Crypto hardware wallet's power consumption relates to total number of pixels illuminated, creating a side channel in the USB connection that allows attackers to determine secrets displayed such as PIN numbers and passwords

参考: CVE-2020-27211

Chain: microcontroller system-on-chip contains uses a register value stored in flash to set product protection state on the memory bus but does not contain protection against fault injection (CWE-1319), which leads to an incorrect initialization of the memory bus (CWE-1419) leading the product to be in an unprotected state.

参考: CVE-2013-4576

message encryption software uses certain instruction sequences that allows RSA key extraction using a chosen-ciphertext attack and acoustic cryptanalysis

参考: CVE-2020-28368

virtualization product allows recovery of AES keys from the guest OS using a side channel attack against a power/energy monitoring interface.

参考: CVE-2019-18673

power consumption varies based on number of pixels being illuminated in a display, allowing reading of secrets such as the PIN by using the USB interface to measure power consumption