CWE-1247 — Vulnerability Class 3

3 vulnerabilities classified as CWE-1247. AI Chinese analysis included.

CWE-1247 represents a critical hardware-level weakness where a device lacks adequate circuitry or sensors to detect and mitigate voltage and clock glitches. Attackers typically exploit this vulnerability by inducing physical anomalies, such as sudden power drops or clock signal manipulations, to bypass security controls like secure boot or cryptographic operations. These glitches can cause the system to skip integrity checks or reveal sensitive data through side-channel analysis. To prevent such attacks, developers must implement robust hardware-based protections, including voltage and clock monitoring sensors that trigger immediate system resets or data erasure upon detecting irregularities. Additionally, employing fault-tolerant design principles, redundant verification mechanisms, and secure firmware updates ensures that the chain of trust remains intact even under adversarial physical conditions, thereby safeguarding sensitive information and maintaining overall system integrity against sophisticated glitch-based intrusion attempts.

MITRE CWE Description
The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device. A device might support features such as secure boot which are supplemented with hardware and firmware support. This involves establishing a chain of trust, starting with an immutable root of trust by checking the signature of the next stage (culminating with the OS and runtime software) against a golden value before transferring control. The intermediate stages typically set up the system in a secure state by configuring several access control settings. Similarly, security logic for exercising a debug or testing interface may be implemented in hardware, firmware, or both. A device needs to guard against fault attacks such as voltage glitches and clock glitches that an attacker may employ in an attempt to compromise the system.
Common Consequences (1)
Confidentiality, Integrity, Availability, Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Memory, Modify Memory, Execute Unauthorized Code or Commands
Mitigations (1)
Architecture and Design, Implementation: At the circuit level, using Tunable Replica Circuits (TRCs) or special flip-flops such as Razor flip-flops helps mitigate glitch attacks. At the SoC or platform level, sensors may be implemented to detect glitches. Implementing redundancy in security-sensitive code (e.g., where checks are performed) can also help mitigate glitch attacks.
Examples (1)
Below is a representative snippet of C code that is part of the secure-boot flow. A signature of the runtime-firmware image is calculated and compared against a golden value. If the signatures match, the bootloader loads runtime firmware. If there is no match, an error halt occurs. If the underlying hardware executing this code does not contain any circuitry or sensors to detect voltage or clock g…
    ...
    if (signature_matches)  // <-Glitch Here
    {
        load_runtime_firmware();
    }
    else
    {
        do_not_load_runtime_firmware();
    }
    ...
Bad · C
If the underlying hardware detects a voltage or clock glitch, the information can be used to prevent the glitch from being successful.
Good · Other
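
The redundancy mitigation listed above, applied to the secure-boot comparison from the Bad example. This is an added example, not code from MITRE or from this page: `boot_decision`, `digest_compare`, `demo_result` and the `VERIFY_*` constants are hypothetical names, and the digests are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed status words: bitwise complements (Hamming distance 32), so a
   zeroed register or a single flipped bit never reads as PASS. */
#define VERIFY_PASS 0x3CA5965Au
#define VERIFY_FAIL 0xC35A69A5u

/* Constant-time digest compare; the volatile accumulator stops the compiler
   from merging the two calls made by boot_decision(). */
static uint32_t digest_compare(const uint8_t *a, const uint8_t *b, size_t n)
{
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return (diff == 0) ? VERIFY_PASS : VERIFY_FAIL;
}

/* Hypothetical helper: VERIFY_PASS only if two separate evaluations agree. */
uint32_t boot_decision(const uint8_t *computed, const uint8_t *golden, size_t n)
{
    volatile uint32_t first = VERIFY_FAIL, second = VERIFY_FAIL; /* fail closed */

    if (n == 0)
        return VERIFY_FAIL;              /* an empty digest proves nothing */
    first = digest_compare(computed, golden, n);
    if (first != VERIFY_PASS)
        return VERIFY_FAIL;
    second = digest_compare(golden, computed, n);   /* redundant check */
    if (second != VERIFY_PASS)
        return VERIFY_FAIL;
    /* Cross-check: a skipped branch above leaves a FAIL default behind. */
    if ((first & second) != VERIFY_PASS || (first ^ second) != 0)
        return VERIFY_FAIL;
    return VERIFY_PASS;
}

/* Constructed sample digests; tamper != 0 flips one bit of the image digest. */
uint32_t demo_result(int tamper)
{
    uint8_t golden[32], computed[32];
    for (size_t i = 0; i < sizeof golden; i++)
        golden[i] = (uint8_t)(0xA0 + i);
    memcpy(computed, golden, sizeof golden);
    if (tamper)
        computed[17] ^= 0x04;
    return boot_decision(computed, golden, sizeof golden);
}

int main(void) { return demo_result(0) == VERIFY_PASS ? 0 : 1; }
```

In the boot flow the caller would load the runtime firmware only when the result equals `VERIFY_PASS` and halt on any other value. Software redundancy of this kind supplements the glitch-detection circuitry described in the mitigation; it does not replace it.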
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54520 | AMD Kintex 7-Series FPGA and AMD Artix 7-Series FPGA security vulnerability — Kintex™ 7-Series FPGA | 5.2 (AI) | Medium (AI) | 2025-09-24 |
| CVE-2024-4760 | Voltage glitch during startup of the EEFC NVM controller can bypass the security bit — SAME70 | 6.3 | Medium | 2024-05-16 |
| CVE-2022-31224 | Dell BIOS security vulnerability — CPG BIOS | 2.0 | Low | 2022-09-12 |

3 CVEs are classified as CWE-1247. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.