Tag Archives: CWE-1264

CWE-1264 – Hardware Logic with Insecure De-Synchronization between Control and Data Channels

Description

The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-821
CWE-1037

Consequences

Confidentiality: Read Memory, Read Application Data

Potential Mitigations

Phase: Architecture and Design

Description: 

CVE References

  • CVE-2017-5754
    • Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.