CWE-1323: Improper Management of Sensitive Trace Data
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted agents.
常见后果
影响范围: Confidentiality
技术影响: Read Memory
说明: An adversary can read secret values if they are captured in debug traces and stored unsafely.
潜在缓解措施
阶段: Implementation
描述: Tag traces to indicate owner and debugging privilege level (designer, OEM, or end user) needed to access that trace.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |
适用平台
编程语言
操作系统
技术
关键信息
CWE ID: CWE-1323
抽象级别: Base
结构: Simple
状态: Draft