CWE-1257 – Improper Access Control Applied to Mirrored or Aliased Memory Regions

Read Time:45 Second

Description

Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284
CWE-119

 

Consequences

Confidentiality: Read Memory

Integrity: Modify Memory

Availability: DoS: Instability

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

The checks should be applied for consistency access rights between primary memory regions and any mirrored or aliased memory regions. If different memory protection units (MPU) are protecting the aliased regions, their protected range definitions and policies should be synchronized.

Phase: Architecture and Design, Implementation

Description: 

The controls that allow enabling memory aliases or changing the size of mapped memory regions should only be programmable by trusted software components.

CVE References