CWE-1323 – Improper Management of Sensitive Trace Data


Description

Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted agents.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-284

Consequences

Confidentiality: Read Memory

An adversary can read secret values if they are captured in debug traces and stored unsafely.

Potential Mitigations

Phase: Implementation

Description: Tag traces to indicate the owner and the debugging privilege level (designer, OEM, or end user) needed to access that trace.
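One way to enforce such tags when traces are exported, shown as an added example that is not part of the CWE entry. The record layout, the ordering end user < OEM < designer, and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Privilege levels named in the mitigation. The ordering
 * end user < OEM < designer is an assumption of this example. */
typedef enum { PRIV_END_USER = 0, PRIV_OEM = 1, PRIV_DESIGNER = 2 } debug_priv_t;

/* Hypothetical trace record carrying the owner/privilege tag. */
typedef struct {
    uint8_t  owner_id;  /* SoC agent that produced the trace */
    uint8_t  min_priv;  /* debug_priv_t needed to read the payload */
    uint32_t payload;   /* captured value */
} trace_rec_t;

/* Constructed sample trace buffer (values are illustrative only). */
static const trace_rec_t SAMPLE[] = {
    { 1, PRIV_DESIGNER, 0xA5A5A5A5u }, /* crypto engine internal state */
    { 2, PRIV_OEM,      0x00001000u }, /* bus monitor address */
    { 3, PRIV_END_USER, 0x00000042u }, /* application core event */
    { 4, 7,             0xDEADBEEFu }, /* corrupt tag: must never be exported */
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

/* Copy into out only the records the requester may read; returns the count.
 * Fails closed: unknown requester levels and unknown tags export nothing. */
size_t trace_export(const trace_rec_t *buf, size_t n, unsigned requester,
                    trace_rec_t *out, size_t out_cap)
{
    size_t copied = 0;
    if (requester > PRIV_DESIGNER)
        return 0;
    for (size_t i = 0; i < n && copied < out_cap; i++) {
        if (buf[i].min_priv > PRIV_DESIGNER)
            continue;                       /* untagged or corrupt record */
        if (requester >= buf[i].min_priv)
            out[copied++] = buf[i];
    }
    return copied;
}

/* Number of sample records visible at a given privilege level. */
size_t visible_count(unsigned requester)
{
    trace_rec_t out[SAMPLE_N];
    return trace_export(SAMPLE, SAMPLE_N, requester, out, SAMPLE_N);
}
```

The filter sits at the export boundary, so a record with a missing or out-of-range tag is dropped rather than defaulting to readable.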

CVE References