CWE-1283 – Mutable Attestation or Measurement Reporting Data

Read Time:15 Second

Description

The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Confidentiality: Read Memory, Read Application Data

 

Potential Mitigations

Phase: Architecture and Design

Description: 

CVE References