Description

The product’s hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-284

Consequences

Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Files or Directories, Reduce Reliability

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

Access-control-policy definition and programming flow must be sufficiently tested in pre-silicon and post-silicon testing.

CVE References