CWE-1314: Missing Write Protection for Parametric Data Values
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure.
常见后果
影响范围: Availability
技术影响: Quality Degradation DoS: Resource Consumption (Other)
说明: Sensor value manipulation, particularly thermal or power, may allow physical damage to occur or disabling of the device by a false fault shutdown causing a Denial-Of-Service.
潜在缓解措施
阶段: Architecture and Design
描述: Access controls for sensor blocks should ensure that only trusted software is allowed to change threshold limits and sensor parametric data.
有效性: High
观察示例
参考: CVE-2017-8252
Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice and Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | The lack of a requirement to protect parametric values may contribute to this weakness. |
| Implementation | The lack of parametric value protection may be a cause of this weakness. |