CWE-1037 – Processor Optimization Removal or Modification of Security-critical Code

Description

The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Low

 

Related Weaknesses

CWE-1038

 

Consequences

Integrity: Bypass Protection Mechanism

Successful exploitation of this weakness changes the order of an application’s execution and will likely be used to bypass specific protection mechanisms. The bypass can then be exploited further to potentially read data that should otherwise be inaccessible.

 

Potential Mitigations

CVE References

  • CVE-2017-5715
    • Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as “Spectre”.
  • CVE-2017-5753
    • Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as “Spectre”.
  • CVE-2017-5754
    • Intel processor optimizations related to speculative execution cause access control checks to be bypassed when placing data into the cache. Often known as “Meltdown”.