Description
A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master. Similarly, it does not check the hardware identity of the transaction received from the slave interface of the bridge.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-284
Consequences
Confidentiality, Integrity, Access Control, Availability: DoS: Crash, Exit, or Restart, Bypass Protection Mechanism, Read Memory, Modify Memory
Potential Mitigations
Phase: Architecture and Design
Description:
Design includes provisions for access-control checks in the bridge for both upstream and downstream transactions.
Phase: Implementation
Description:
Implement access-control checks in the bridge for both upstream and downstream transactions.
CVE References
- CVE-2019-6260
- Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC’s physical address space from the host, and possibly the network [REF-1138].
