Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1189 — Vulnerability Class 2

2 vulnerabilities classified as CWE-1189. AI Chinese analysis included.

CWE-1189 represents a critical architectural weakness where a System-on-a-Chip fails to enforce strict isolation between trusted and untrusted agents sharing internal resources. This vulnerability typically arises from improper configuration of pin multiplexing or shared memory interfaces, allowing malicious actors to exploit the lack of boundaries. Attackers can leverage this flaw to intercept sensitive data, manipulate control signals, or execute unauthorized commands by accessing resources intended for secure subsystems. To mitigate this risk, developers must implement rigorous hardware-level access controls and memory protection units that strictly segregate privileged and non-privileged domains. Furthermore, engineers should conduct thorough threat modeling during the design phase to identify shared resource conflicts and apply least-privilege principles, ensuring that only authorized agents can interact with critical hardware components, thereby preserving system integrity and confidentiality.

MITRE CWE Description
The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents. A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents.
Common Consequences (2)
Access ControlBypass Protection Mechanism
If resources being used by a trusted user are shared with an untrusted user, the untrusted user may be able to modify the functionality of the shared resource of the trusted user.
IntegrityQuality Degradation
The functionality of the shared resource may be intentionally degraded.
Mitigations (1)
Architecture and DesignWhen sharing resources, avoid mixing agents of varying trust levels. Untrusted agents should not share resources with trusted agents.
Examples (1)
Consider the following SoC design. The Hardware Root of Trust (HRoT) local SRAM is memory mapped in the core{0-N} address space. The HRoT allows or disallows access to private memory ranges, thus allowing the sram to function as a mailbox for communication between untrusted and trusted HRoT partitions.
CVE IDTitleCVSSSeverityPublished
CVE-2025-54514 AMD Processors 安全漏洞 — AMD EPYC™ 9005 Series Processors 2.3AILowAI2026-02-10
CVE-2023-31325 AMD Graphics Driver和AMD Client Processor 安全漏洞 — AMD Ryzen™ 8000 Series Desktop Processors 7.2 High2025-09-06

Vulnerabilities classified as CWE-1189 represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.