
Description

A write-once register in a hardware design can be programmed by an untrusted software component before the trusted software component programs it, resulting in a race condition.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-362

Consequences

Access Control: Bypass Protection Mechanism

System configuration cannot be programmed in a secure way.

Potential Mitigations

Phase: Architecture and Design

Description: During hardware design, all write-once or sticky register fields must be evaluated for proper configuration.

Phase: Testing

Description: The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.
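The two test conditions above can be exercised against a behavioural model before silicon; the following is an added example, not part of the original entry. The `wo_reg` model, its `lock_on_any_write` switch and the flawed variant (sticky bit derived from the written data) are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Behavioural model of one write-once register (constructed for this example). */
typedef struct {
    uint32_t value;
    bool     locked;            /* sticky bit, cleared only by reset */
    bool     lock_on_any_write; /* true = hardened design, false = flawed design */
} wo_reg;

#define FAIL_REPROGRAM 1u /* a non-zero first write did not lock the field */
#define FAIL_ZERO_LOCK 2u /* a first write of zero did not lock the field */

static void wo_reset(wo_reg *r, bool lock_on_any_write) {
    r->value = 0;
    r->locked = false;
    r->lock_on_any_write = lock_on_any_write;
}

/* Register write as the modelled hardware processes it. */
static void wo_write(wo_reg *r, uint32_t data) {
    if (r->locked)
        return; /* writes are dropped once the sticky bit is set */
    r->value = data;
    /* Flawed variant sets the sticky bit from the data, so writing 0 leaves it open. */
    r->locked = r->lock_on_any_write ? true : (data != 0);
}

/* After writing `first`, a later write of `second` must not change the value. */
static bool second_write_blocked(bool hardened, uint32_t first, uint32_t second) {
    wo_reg r;
    wo_reset(&r, hardened);
    wo_write(&r, first);
    wo_write(&r, second);
    return r.value == first;
}

/* Runs both test conditions; returns a bitmask of the checks that failed. */
static unsigned run_write_once_checks(bool hardened) {
    unsigned fails = 0;
    if (!second_write_blocked(hardened, 0xA5A5A5A5u, 0x5A5A5A5Au))
        fails |= FAIL_REPROGRAM;
    if (!second_write_blocked(hardened, 0u, 0xDEADBEEFu))
        fails |= FAIL_ZERO_LOCK;
    return fails;
}

int main(void) { return run_write_once_checks(true) != 0; }
```

The flawed variant passes the ordinary reprogramming check and fails only the zero-write check, which is why the zero case needs its own test.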

CVE References