目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-1247 类漏洞列表 3

CWE-1247 类弱点 3 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-1247 属于硬件安全漏洞,指设备缺乏或错误实现了对电压和时钟毛刺的检测与缓解机制。攻击者通常通过物理手段注入异常电压或时钟信号,干扰芯片正常运行以绕过安全启动链或提取敏感密钥。开发者应在硬件设计中集成可靠的传感器与纠错电路,确保固件能识别并抵御此类物理扰动,从而保护设备内的信任链及机密信息免受物理侧信道攻击。

MITRE CWE 官方描述
CWE:CWE-1247 对电压毛刺和时钟毛刺(Voltage and Clock Glitches)的保护不当 英文:该设备未包含或包含错误实现的电路或传感器,无法检测并缓解电压毛刺和时钟毛刺,从而保护设备上包含的敏感信息或软件。 某些设备可能支持安全启动(Secure Boot)等功能,这些功能辅以硬件和固件支持。这涉及建立信任链(Chain of Trust),从不可变的信任根(Root of Trust)开始,在移交控制权之前,通过将下一阶段(最终包括操作系统和运行时软件)的签名与黄金值(Golden Value)进行比对来验证其完整性。中间阶段通常通过配置多项访问控制设置,将系统设置为安全状态。类似地,用于操作调试或测试接口的安全逻辑可能以硬件、固件或两者结合的方式实现。设备需要防范故障攻击(Fault Attacks),例如攻击者可能利用的电压毛刺和时钟毛刺,以试图破坏系统。
常见影响 (1)
Confidentiality, Integrity, Availability, Access ControlGain Privileges or Assume Identity, Bypass Protection Mechanism, Read Memory, Modify Memory, Execute Unauthorized Code or Commands
缓解措施 (1)
Architecture and Design, ImplementationAt the circuit-level, using Tunable Replica Circuits (TRCs) or special flip-flops such as Razor flip-flops helps mitigate glitch attacks. Working at the SoC or platform base, level sensors may be implemented to detect glitches. Implementing redundancy in security-sensitive code (e.g., where checks are performed)also can help with mitigation of glitch attacks.
代码示例 (1)
Below is a representative snippet of C code that is part of the secure-boot flow. A signature of the runtime-firmware image is calculated and compared against a golden value. If the signatures match, the bootloader loads runtime firmware. If there is no match, an error halt occurs. If the underlying hardware executing this code does not contain any circuitry or sensors to detect voltage or clock g…
... if (signature_matches)  // <-Glitch Here { load_runtime_firmware(); } else { do_not_load_runtime_firmware(); } ...
Bad · C
If the underlying hardware detects a voltage or clock glitch, the information can be used to prevent the glitch from being successful.
Good · Other
CVE ID标题CVSS风险等级Published
CVE-2025-54520 AMD Kintex 7-Series FPGA和AMD Artix 7-Series FPGA 安全漏洞 — Kintex™ 7-Series FPGA 5.2AIMediumAI2025-09-24
CVE-2024-4760 Microchip SAM 安全漏洞 — SAME70 6.3 Medium2024-05-16
CVE-2022-31224 Dell BIOS 安全漏洞 — CPG BIOS 2.0 Low2022-09-12

CWE-1247 是常见的弱点类别,本平台收录该类弱点关联的 3 条 CVE 漏洞。