CWE-1262 – Improper Access Control for Register Interface
Description: The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those...
CWE-1261 – Improper Handling of Single Event Upsets
Description: The hardware logic does not effectively handle when single-event upsets (SEUs) occur. Modes of Introduction: Architecture and Design. Related Weaknesses: CWE-1384...
CWE-1260 – Improper Handling of Overlap Between Protected Memory Ranges
Description: The product allows address regions to overlap, which can result in the bypassing of intended memory protection. Modes of Introduction: Architecture and Design...
CWE-126 – Buffer Over-read
Description: The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This...
CWE-1259 – Improper Restriction of Security Token Assignment
Description: The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However,...
CWE-1258 – Exposure of Sensitive System Information Due to Uncleared Debug Information
Description: The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered. Modes of...
CWE-1257 – Improper Access Control Applied to Mirrored or Aliased Memory Regions
Description: Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted...
CWE-1256 – Improper Restriction of Software Interfaces to Hardware Features
Description: The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead...
CWE-1255 – Comparison Logic is Vulnerable to Power Side-Channel Attacks
Description: A device's real-time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value...
CWE-1254 – Incorrect Comparison Logic Granularity
Description: The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a...
