CWE-1316: Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region.
常见后果
影响范围: Confidentiality Integrity Access Control Authorization
技术影响: Bypass Protection Mechanism Read Memory Modify Memory
潜在缓解措施
阶段: Architecture and Design
描述: When architecting the address map of the chip, ensure that protected and unprotected ranges are isolated and do not overlap. When designing, ensure that ranges hardcoded in Register-Transfer Level (RTL) do not overlap.
阶段: Implementation
描述: Ranges configured by firmware should not overlap. If overlaps are mandatory because of constraints such as a limited number of registers, then ensure that no assets are present in the overlapped portion.
阶段: Testing
描述: Validate mitigation actions with robust testing.
检测方法
方法: Automated Dynamic Analysis
Review address map in specification to see if there are any overlapping ranges.
有效性: High
方法: Manual Static Analysis
Negative testing of access control on overlapped ranges.
有效性: High
观察示例
参考: CVE-2009-4419
Attacker can modify MCHBAR register to overlap with an attacker-controlled region, which modification prevents the SENTER instruction from properly applying VT-d protection while a Measured Launch Environment is being launched.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |