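CWE-1231 Vulnerability List (3)

A summary of 3 CVE vulnerabilities in the CWE-1231 weakness class, with AI-generated analysis in Chinese.

CWE-1231 is a hardware security configuration weakness: the product uses a trusted lock bit to restrict access to registers or address regions, but does not prevent that bit from being modified after it has been set. Attackers typically exploit this flaw by tampering with the lock state through firmware or hardware debug interfaces, thereby bypassing security restrictions and gaining unauthorized access to resources. Developers should avoid this problem by ensuring that the lock bit is tamper-resistant after initialization, for example through read-only memory or hardware fuse techniques, so that malicious software or a physical attacker cannot modify critical configuration.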

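MITRE CWE official description

CWE-1231: Improper Prevention of Lock Bit Modification

The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.

In integrated circuits and hardware intellectual property (IP) cores, device configuration controls are commonly programmed after a device power reset by a trusted firmware or software module (e.g., BIOS/bootloader) and then locked from any further modification. This behavior is commonly implemented using a trusted lock bit. When set, the lock bit disables writes to a protected set of registers or address regions. Design or coding errors in the implementation of the lock bit protection feature may allow the lock bit to be modified or cleared by software after it has been set. Attackers might be able to unlock the system and the features that the bit is intended to protect.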
Common Consequences (1)
Access Control · Modify Memory
Registers protected by lock bit can be modified even when lock is set.
Mitigations (1)
Architecture and Design, Implementation, Testing
Security lock bit protections must be reviewed for design inconsistency and common weaknesses. Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing.
Effectiveness: High
Code Examples (2)
Consider the example design below for a digital thermal sensor that detects overheating of the silicon and triggers system shutdown. The system critical temperature limit (CRITICAL_TEMP_LIMIT) and thermal sensor calibration (TEMP_SENSOR_CALIB) data have to be programmed by firmware, and then the register needs to be locked (TEMP_SENSOR_LOCK).
| Register | Field description |
| --- | --- |
| CRITICAL_TEMP_LIMIT | [31:8] Reserved field; Read only; Default 0 |
| | [7:0] Critical temp 0-255 Centigrade; Read-write-lock; Default 125 |
| TEMP_SENSOR_CALIB | [31:0] Thermal sensor calibration data. Slope value used to map sensor reading to degrees Centigrade. |
| TEMP_SENSOR_LOCK | [31:1] Reserved field; Read only; Default 0 |
| | [0] Lock bit, locks CRITICAL_TEMP_LIMIT and TEMP_SENSOR_CALIB registers; Write-1-once; Default 0 |
| TEMP_HW_SHUTDOWN | [31:2] Reserved field; Read only; Default 0 |
| | [1] Enable hardware shutdown on critical temperature detection; Read-write; Default 0 |
| CURRENT_TEMP | [31: |
Bad · Other
To fix this weakness, one could change the TEMP_HW_SHUTDOWN field to be locked by TEMP_SENSOR_LOCK.

| Register | Field description |
| --- | --- |
| TEMP_HW_SHUTDOWN | [31:2] Reserved field; Read only; Default 0 |
| | [1] Enable hardware shutdown on critical temperature detection; Read-write-Lock; Default 0 |
| | [0] Locked by TEMP_SENSOR_LOCK |
Good · Other
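The lock properties of the thermal sensor design above can be checked with a small behavioural model. This is an added example, not code from CWE or from the original page; the Python names, the sample register values and the TEMP_SENSOR_CALIB default of 0 are assumptions made for illustration.

```python
# Constructed model (not from the original page) of the thermal-sensor registers.
# Each entry: name -> (default, writable-bit mask, locked by TEMP_SENSOR_LOCK?)
BAD_DESIGN = {
    "CRITICAL_TEMP_LIMIT": (125, 0xFF, True),
    "TEMP_SENSOR_CALIB": (0, 0xFFFFFFFF, True),   # default is an assumption
    "TEMP_HW_SHUTDOWN": (0, 0b10, False),  # plain read-write in the bad design
}
GOOD_DESIGN = {**BAD_DESIGN, "TEMP_HW_SHUTDOWN": (0, 0b10, True)}


class ThermalRegs:
    def __init__(self, design):
        self.design = design
        self.regs = {name: spec[0] for name, spec in design.items()}
        self.lock = 0  # TEMP_SENSOR_LOCK[0], write-1-once

    def write(self, name, value):
        if name == "TEMP_SENSOR_LOCK":
            self.lock |= value & 1  # can be set, never cleared until reset
            return
        _, mask, lockable = self.design[name]
        if lockable and self.lock:
            return  # write is dropped while the lock is set
        self.regs[name] = value & mask


def boot_flow(design):
    """Firmware flow from the text: program the registers, then lock."""
    dev = ThermalRegs(design)
    dev.write("CRITICAL_TEMP_LIMIT", 100)   # constructed sample values
    dev.write("TEMP_SENSOR_CALIB", 0x1234)
    dev.write("TEMP_HW_SHUTDOWN", 0b10)     # enable hardware shutdown
    dev.write("TEMP_SENSOR_LOCK", 1)
    return dev


def lock_violations(design):
    """Names of registers that can still change after the lock is set."""
    dev = boot_flow(design)
    dev.write("TEMP_SENSOR_LOCK", 0)  # a clear attempt must have no effect
    found = [] if dev.lock == 1 else ["TEMP_SENSOR_LOCK"]
    for name, (_, mask, _) in design.items():
        before = dev.regs[name]
        dev.write(name, before ^ mask)  # flip every writable bit
        if dev.regs[name] != before:
            found.append(name)
    return found


if __name__ == "__main__":
    print("bad design :", lock_violations(BAD_DESIGN))
    print("good design:", lock_violations(GOOD_DESIGN))
```

The same post-lock write sweep is the kind of property the mitigation section asks to be exercised in pre-silicon and post-silicon testing.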
The following example code is a snippet from the register locks inside the buggy OpenPiton SoC of HACK@DAC'21 [REF-1350]. Register locks help prevent SoC peripherals' registers from malicious use of resources. The registers that can potentially leak secret data are locked by register locks.
    always @(posedge clk_i)
      begin
        if(~(rst_ni && ~jtag_unlock && ~rst_9))
          begin
            for (j=0; j < 6; j=j+1) begin
              reglk_mem[j] <= 'h0;
            end
          end
    ...
Bad · Verilog
    always @(posedge clk_i)
      begin
        if(~(rst_ni && ~jtag_unlock))
          begin
            for (j=0; j < 6; j=j+1) begin
              reglk_mem[j] <= 'h0;
            end
          end
    ...
Good · Verilog
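| CVE ID | Title | CVSS | Risk level | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-52536 | AMD Processors security vulnerability — AMD EPYC™ 9004 Series Processors | 4.4 (AI) | Medium (AI) | 2026-02-10 |
| CVE-2024-36354 | AMD multiple products security vulnerability — AMD Ryzen™ Threadripper™ 3000 Processors | 7.5 | High | 2025-09-06 |
| CVE-2022-42285 | NVIDIA DGX security vulnerability — NVIDIA DGX servers | 6.0 | Medium | 2023-01-13 |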

CWE-1231 is a common weakness class; this platform lists 3 CVE vulnerabilities associated with it.