Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1224 — Vulnerability Class 1

1 vulnerabilities classified as CWE-1224. AI Chinese analysis included.

CWE-1224 represents a critical hardware design flaw where write-once bit fields, often referred to as sticky bits in control registers, are improperly implemented to allow reprogramming by software. These bits are intended to be set once during initialization to define permanent hardware configurations or security states, yet the weakness permits subsequent modifications. Attackers typically exploit this vulnerability by manipulating these registers to alter critical system settings, bypass security mechanisms, or destabilize the hardware operation after initial configuration. To prevent this, developers must ensure that hardware logic strictly enforces immutability for designated write-once fields, preventing any software write attempts after the initial setup phase. Rigorous verification of register access controls and thorough testing of hardware reset behaviors are essential to maintain the integrity of these permanent configuration bits.

MITRE CWE Description
The hardware design control register "sticky bits" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software. Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to define default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make the settings write-once or "sticky." This allows writing to such registers only once, whereupon they become read-only. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings. Failure to implement write-once restrictions in hardware design can expose such registers to being re-programmed by software and written multiple times. For example, write-once fields could be implemented to only be write-protected if they have been set to value "1", wherein they would work as "write-1-once" and not "write-once".
Common Consequences (1)
Confidentiality, Integrity, Availability, Access ControlVaries by Context
System configuration cannot be programmed in a secure way.
Mitigations (1)
Architecture and DesignDuring hardware design, all register write-once or sticky fields must be evaluated for proper configuration.
Examples (1)
Consider the example design module system verilog code shown below. register_write_once_example module is an example of register that has a write-once field defined. Bit 0 field captures the write_once_status value. This implementation can be for a register that is defined by specification to be a write-once register, since the write_once_status field gets written by input data bit 0 on first writ…
module register_write_once_example ( input [15:0] Data_in, input Clk, input ip_resetn, input global_resetn, input write, output reg [15:0] Data_out ); reg Write_once_status; always @(posedge Clk or negedge ip_resetn) if (~ip_resetn) begin Data_out <= 16'h0000; Write_once_status <= 1'b0; end else if (write & ~Write_once_status) begin Data_out <= Data_in & 16'hFFFE; Write_once_status <= Data_in[0]; // Input bit 0 sets Write_once_status end else if (~write) begin Data_out[15:1] <= Data_out[15:1]; Data_out[0] <= Write_once_status; end endmodule
Bad · Verilog
module register_write_once_example ( input [15:0] Data_in, input Clk, input ip_resetn, input global_resetn, input write, output reg [15:0] Data_out ); reg Write_once_status; always @(posedge Clk or negedge ip_resetn) if (~ip_resetn) begin Data_out <= 16'h0000; Write_once_status <= 1'b0; end else if (write & ~Write_once_status) begin Data_out <= Data_in & 16'hFFFE; Write_once_status <= 1'b1; // Write once status set on first write, independent of input end else if (~write) begin Data_out[15:1] <= Data_out[15:1]; Data_out[0] <= Write_once_status; end endmodule
Good · Verilog
CVE IDTitleCVSSSeverityPublished
CVE-2022-23005 Host Boot ROM Code Vulnerability in Systems Implementing UFS Boot Feature — NA 8.7 High2023-01-23

Vulnerabilities classified as CWE-1224 represent 1 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.