Read Time:32 Second

Description

The hardware design control register “sticky bits” or write-once bit fields are improperly implemented, such that they can be reprogrammed by software.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Confidentiality, Integrity, Availability, Access Control: Varies by Context

System configuration cannot be programmed in a secure way.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

During hardware design all register write-once or sticky fields must be evaluated for proper configuration.

Phase: Testing

Description: 

The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.

CVE References