CWE-1310: Missing Ability to Patch ROM Code
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.
Common Consequences
Scope: Other
Technical Impact: Varies by Context; Reduce Maintainability
Note: When the system is unable to be patched, it can be left in a vulnerable state.
Potential Mitigations
Phase: Architecture and Design; Implementation
Description: Secure patch support to allow ROM code to be patched on the next boot.
Effectiveness: Moderate
Phase: Architecture and Design; Implementation
Description: Support patches that can be programmed in-field or during manufacturing through hardware fuses. This feature can be used for limited patching of devices after shipping, or for the next batch of silicon devices manufactured, without changing the full device ROM.
Effectiveness: Moderate
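An added example, not part of the CWE entry or any vendor's ROM: a C simulation of the fuse-based patching described in the second mitigation, where boot code consults a small one-time-programmable patch table before calling a ROM routine. The fuse-word layout, slot count, function names and the sample defect are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed fuse-word layout (assumption): bit 31 valid, bit 30 revoked,
 * bits 23..16 ROM function id, bits 15..8 patch index, bits 7..0 XOR checksum. */
#define SLOT_VALID   (1u << 31)
#define SLOT_REVOKED (1u << 30)
#define PATCH_SLOTS  4   /* fuses are finite, so patching is limited */

typedef int (*rom_fn)(size_t len);
enum { FN_PARSE_HDR = 0, FN_COUNT };

/* Routine as shipped in mask ROM: accepts any length (the defect). */
static int rom_parse_hdr(size_t len) { (void)len; return 0; }
/* Replacement with a bounds check; stands in for authenticated patch code. */
static int patch_parse_hdr(size_t len) { return len <= 64 ? 0 : -1; }

static const rom_fn rom_table[FN_COUNT] = { rom_parse_hdr };
static const rom_fn patch_table[] = { patch_parse_hdr };
static uint32_t fuse_bank[PATCH_SLOTS];   /* simulated OTP; 0 = unblown */

static uint8_t slot_sum(uint32_t w) {
    return (uint8_t)((w >> 24) ^ (w >> 16) ^ (w >> 8));
}

/* Program one unused slot. OTP bits only go 0 -> 1, so a write is an OR. */
int fuse_program(int slot, uint8_t fn_id, uint8_t patch_idx) {
    if (slot < 0 || slot >= PATCH_SLOTS || fuse_bank[slot] != 0) return -1;
    uint32_t w = SLOT_VALID | ((uint32_t)fn_id << 16) | ((uint32_t)patch_idx << 8);
    fuse_bank[slot] |= w | slot_sum(w);
    return 0;
}
/* Retire a patch by blowing its revoke bit (also a one-way OR). */
int fuse_revoke(int s) { if (s < 0 || s >= PATCH_SLOTS) return -1; fuse_bank[s] |= SLOT_REVOKED; return 0; }

/* Boot-time dispatch: use a patch only if its slot is valid, not revoked,
 * passes the checksum and points at a known handler; else fall back to ROM. */
rom_fn rom_resolve(uint8_t fn_id) {
    if (fn_id >= FN_COUNT) return NULL;
    for (int i = 0; i < PATCH_SLOTS; i++) {
        uint32_t w = fuse_bank[i];
        uint8_t idx = (uint8_t)(w >> 8);
        if (!(w & SLOT_VALID) || (w & SLOT_REVOKED)) continue;
        if (slot_sum(w) != (uint8_t)w || (uint8_t)(w >> 16) != fn_id) continue;
        if (idx < sizeof patch_table / sizeof patch_table[0]) return patch_table[idx];
    }
    return rom_table[fn_id];
}

int main(void) { fuse_program(0, FN_PARSE_HDR, 0); return rom_resolve(FN_PARSE_HDR)(32); }
```

A device without any such indirection has only the `rom_table` path, which is the condition this weakness describes.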
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | This issue could be introduced during hardware architecture and design and can be identified later during Testing. |
| Implementation | This issue could be introduced during implementation and can be identified later during Testing. |
| Integration | This issue could be introduced during integration and can be identified later during Testing. |
| Manufacturing | This issue could be introduced during manufacturing and can be identified later during Testing. |