CWE-1301 – Insufficient or Incomplete Data Removal within Hardware Component
Description The product's data removal process does not completely delete all data and potentially sensitive information within hardware components. Modes of Introduction: - Implementation ...
CWE-1302 – Missing Security Identifier
Description The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction...
CWE-1303 – Non-Transparent Sharing of Microarchitectural Resources
Description Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts. Modes of Introduction: - Architecture...
CWE-1269 – Product Released in Non-Release Configuration
Description The product released to market is released in pre-production or manufacturing configuration. Modes of Introduction: - Implementation Related Weaknesses CWE-693 Consequences...
CWE-127 – Buffer Under-read
Description The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer....
CWE-1270 – Generation of Incorrect Security Tokens
Description The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the...
CWE-1271 – Uninitialized Value on Reset for Registers Holding Security Settings
Description Security-critical logic is not set to a known value on reset. Modes of Introduction: - Implementation Related Weaknesses CWE-665 Consequences Access...
CWE-1272 – Sensitive Information Uncleared Before Debug/Power State Transition
Description The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to...
CWE-1273 – Device Unlock Credential Sharing
Description The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information. Modes of Introduction: - Integration ...
CWE-1274 – Improper Access Control for Volatile Memory Containing Boot Code
Description The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient...