
Description

The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Confidentiality, Integrity: Read Memory, Read Application Data, Modify Memory, Modify Application Data, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Unexpected State, Alter Execution Logic

Confidentiality of hardware assets may be violated if the protected information can be read out by software through the register interface. Registers that store security state, settings, or other security-critical data may be corruptible by software if protections are not correctly implemented.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Design proper policies for hardware register access from software.

Phase: Implementation

Description: 

Ensure that access control policies for register access are implemented in accordance with the specified design.
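A C software model of the two mitigation phases above, added here as an illustration and not part of the original entry: a per-register write policy (design), a decode function that enforces it beside one that does not (implementation), and a sweep that counts writes the policy forbids. The register map, privilege levels and lock bit are constructed for the example, and it covers the write path only.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed register map for a hypothetical peripheral (names are illustrative). */
enum priv { PRIV_USER, PRIV_KERNEL, PRIV_SECURE, PRIV_COUNT };
enum reg  { REG_STATUS, REG_CTRL, REG_KEY, REG_LOCK, REG_COUNT };

/* Design-time policy: minimum privilege needed to read / write each register. */
struct reg_policy { enum priv min_read, min_write; bool lockable; };
static const struct reg_policy policy[REG_COUNT] = {
    [REG_STATUS] = { PRIV_USER,   PRIV_SECURE, false },
    [REG_CTRL]   = { PRIV_KERNEL, PRIV_KERNEL, true  },
    [REG_KEY]    = { PRIV_SECURE, PRIV_SECURE, true  },
    [REG_LOCK]   = { PRIV_USER,   PRIV_SECURE, false },
};

struct regfile { uint32_t val[REG_COUNT]; };
typedef bool (*write_fn)(struct regfile *, enum priv, unsigned, uint32_t);

/* Weak decode: any requester can write any register (the weakness described above). */
bool write_unchecked(struct regfile *rf, enum priv who, unsigned idx, uint32_t v)
{
    (void)who;
    if (idx >= REG_COUNT) return false;
    rf->val[idx] = v;
    return true;
}

/* Checked decode: enforce address range, privilege, and the sticky lock bit. */
bool write_checked(struct regfile *rf, enum priv who, unsigned idx, uint32_t v)
{
    if (idx >= REG_COUNT) return false;
    if (who < policy[idx].min_write) return false;
    if (policy[idx].lockable && (rf->val[REG_LOCK] & 1u)) return false;
    if (idx == REG_LOCK) v |= rf->val[REG_LOCK] & 1u;  /* lock cannot be cleared */
    rf->val[idx] = v;
    return true;
}

/* Sweep every (privilege, register) pair and count writes the policy forbids. */
int count_policy_violations(write_fn wr)
{
    int bad = 0;
    for (int p = 0; p < PRIV_COUNT; p++)
        for (unsigned r = 0; r < REG_COUNT; r++) {
            struct regfile rf = { {0} };
            if (wr(&rf, (enum priv)p, r, 0xA5u) && p < (int)policy[r].min_write)
                bad++;
        }
    return bad;
}

int main(void) { return count_policy_violations(write_checked); }
```

The same sweep can be pointed at a register model or RTL testbench wrapper during verification, so any privilege/register pair that the design forbids but the implementation accepts shows up as a nonzero count.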

CVE References

  • CVE-2014-2915
    • Virtualization product does not restrict access to debug and other processor registers in the hardware, allowing a crash of the host or guest OS.
  • CVE-2021-3011
    • Virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code.
  • CVE-2020-12446
    • Driver exposes access to Model Specific Registers (MSRs), allowing admin privileges.
  • CVE-2015-2150
    • Virtualization product does not restrict access to PCI command registers, allowing host crash from the guest.