CWE-1313: Hardware Allows Activation of Test or Debug Logic at Runtime
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.
常见后果
影响范围: Confidentiality Integrity Availability
技术影响: Modify Memory Read Memory DoS: Crash, Exit, or Restart DoS: Instability DoS: Resource Consumption (CPU) DoS: Resource Consumption (Memory) DoS: Resource Consumption (Other) Execute Unauthorized Code or Commands Gain Privileges or Assume Identity Bypass Protection Mechanism Alter Execution Logic Quality Degradation Unexpected State Reduce Performance Reduce Reliability
潜在缓解措施
阶段: Architecture and Design
描述: Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations.
阶段: Implementation
描述: Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations.
阶段: Integration
描述: Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations.
观察示例
参考: CVE-2021-33150
Hardware processor allows activation of test or debug logic at runtime.
参考: CVE-2021-0146
Processor allows the activation of test or debug logic at runtime, allowing escalation of privileges
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases. |
| Implementation | Such issues could be introduced during implementation and identified later during Testing or System Configuration phases. |
| Integration | Such issues could be introduced during integration and identified later during Testing or System configuration phases. |