CWE-1429: Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The product has a hardware interface that silently discards operations in situations for which feedback would be security-relevant, such as the timely detection of failures or attacks.
Common Consequences
Scope: Confidentiality
Technical Impact: Read Memory; Read Files or Directories
Scope: Integrity
Technical Impact: Modify Memory; Modify Files or Directories
Scope: Availability
Technical Impact: DoS: Resource Consumption (Memory); DoS: Crash, Exit, or Restart
Potential Mitigations
Phase: Architecture and Design
Effectiveness: High
Phase: Implementation
Effectiveness: Moderate
Detection Methods
Method: Automated Static Analysis - Source Code
Effectiveness: High
Method: Manual Static Analysis - Source Code
Effectiveness: Moderate
Observed Examples
Reference: [REF-1468]
Open source silicon root of trust (RoT) product does not immediately report when an integrity check fails for memory requests, causing the product to accept and continue processing data [REF-1468]
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | - |
| Requirements | - |