Description
The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can now gain unauthorized access to the asset.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Confidentiality, Integrity, Availability, Access Control: Modify Memory, Read Memory, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Quality Degradation
Potential Mitigations
Phase: Architecture and Design
Description:
Security identifier decoders must be reviewed for design consistency and common weaknesses.
Phase: Implementation
Description:
Access and programming flows must be tested in pre-silicon and post-silicon testing in order to check for this weakness.