CWE-1193 – Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
Description The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled. Modes of Introduction: Related Weaknesses...
CWE-1192 – System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers
Description The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components. Modes of Introduction: - Architecture and Design Related...
CWE-1191 – On-Chip Debug and Test Interface With Improper Access Control
Description The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test...
CWE-1190 – DMA Device Enabled Too Early in Boot Phase
Description The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data...
CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer
Description The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the...
CWE-1189 – Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
Description The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents. Modes of Introduction: - Architecture and Design Related...
CWE-1188 – Insecure Default Initialization of Resource
Description The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not...
CWE-1187 – DEPRECATED: Use of Uninitialized Resource
Description This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908. Modes of Introduction: ...
CWE-118 – Incorrect Access of Indexable Resource (‘Range Error’)
Description The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such...
CWE-1177 – Use of Prohibited Code
Description The software uses a function, library, or third party component that has been explicitly prohibited, whether by the developer or the customer. Modes of...