Read Time:1 Minute, 5 Second

Description

The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284

 

Consequences

Access Control: Modify Memory, Read Memory, Bypass Protection Mechanism

 

Potential Mitigations

Phase: Architecture and Design

Description: 

For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability.

Phase: Implementation

Description: 

For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability.

Phase: System Configuration

Description: 

For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability.

CVE References