CWE-1258 – Exposure of Sensitive System Information Due to Uncleared Debug Information
Description: The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered. Modes of...
CWE-1259 – Improper Restriction of Security Token Assignment
Description: The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However,...
CWE-126 – Buffer Over-read
Description: The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This...
CWE-1260 – Improper Handling of Overlap Between Protected Memory Ranges
Description: The product allows address regions to overlap, which can result in the bypassing of intended memory protection. Modes of Introduction: Architecture and Design...
CWE-1261 – Improper Handling of Single Event Upsets
Description: The hardware logic does not effectively handle when single-event upsets (SEUs) occur. Modes of Introduction: Architecture and Design. Related Weaknesses: CWE-1384...
CWE-1262 – Improper Access Control for Register Interface
Description: The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those...
CWE-1263 – Improper Physical Access Control
Description: The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to...
CWE-1264 – Hardware Logic with Insecure De-Synchronization between Control and Data Channels
Description: The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete. Modes of Introduction: Architecture...
CWE-1265 – Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
Description: During execution of non-reentrant code, the software performs a call that unintentionally produces a nested invocation of the non-reentrant code. In complex software, a...
CWE-1266 – Improper Scrubbing of Sensitive Data from Decommissioned Device
Description: The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned. A...