CWE-1251 — Vulnerability Class 1

1 vulnerability classified as CWE-1251.

CWE-1251 represents an architectural weakness where duplicated data regions, such as caches or mirrored storage, fail to maintain consistent values across all instances. This inconsistency typically arises when updates to the primary resource are not atomically propagated to all mirrored copies, leading to stale or divergent data states. Attackers exploit this vulnerability by inducing race conditions or timing discrepancies to read inconsistent data, potentially exposing sensitive information or causing system compromise through logic errors that rely on assumed data uniformity. To prevent this, developers must implement robust synchronization mechanisms, such as locking protocols or transactional updates, ensuring that all mirrored regions are updated simultaneously. Additionally, using strong consistency models and rigorous testing for concurrent access patterns helps guarantee that distributed copies remain synchronized, thereby eliminating the risk of data divergence and associated security breaches.

MITRE CWE Description
The product's architecture mirrors regions without ensuring that their contents always stay in sync. Having mirrored regions with different values might result in the exposure of sensitive information or possibly system compromise.

In the interest of increased performance, one might need to duplicate a resource. A cache memory is a common example of this concept, which keeps a "local" copy of a data element in the high speed cache memory. Unfortunately, this speed improvement comes with a downside, since the product needs to ensure that the local copy always mirrors the original copy truthfully. If they get out of sync, the computational result is no longer true.

During hardware design, memory is not the only item which gets mirrored. There are many other entities that get mirrored, as well: registers, memory regions, and, in some cases, even whole computational units. For example, within a multi-core processor, if all memory accesses for each and every core go through a single Memory-Management Unit (MMU), then the MMU will become a performance bottleneck. In such cases, duplicating local MMUs that will serve only a subset of the cores rather than all of them may resolve the performance issue. These local copies are also called "shadow copies" or "mirrored copies."

If the original resource never changed, local duplicate copies getting out of sync would never be an issue. However, the values of the original copy will sometimes change. When the original copy changes, the mir…
Common Consequences (1)
Scope: Confidentiality, Integrity, Availability, Access Control, Accountability, Authentication, Authorization, Non-Repudiation
Impact: Varies by Context
Mitigations (1)
Phase: Architecture and Design
Whenever there are multiple, physically different copies of the same value that might change and the process to update them is not instantaneous and atomic, it is impossible to assert that the original and shadow copies will always be in sync - there will always be a time period when they are out of sync. To mitigate the consequential risk, the recommendations essentially are: Make this out-of-syn…
Effectiveness: Moderate
Examples (1)
Suppose a processor's Memory Management Unit (MMU) has 5 other shadow MMUs to distribute its workload for its various cores. Each MMU has the start address and end address of "accessible" memory. Any time this accessible range changes (as per the processor's boot status), the main MMU sends an update message to all the shadow MMUs.
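The scenario above as a small C model, added here as an illustration (it is not MITRE's code and not part of the original page). The addresses, function names and the epoch-based fail-closed check are assumptions; the check is one possible way to keep a stale shadow from granting access, at the cost of denying all accesses through that shadow until it catches up.

```c
/* Constructed model: one main MMU, 5 shadow MMUs, update messages delivered one by one. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_SHADOWS 5
typedef struct { uint32_t start, end, epoch; } mmu_range;

static mmu_range main_mmu, shadow[NUM_SHADOWS];
/* Assumption: a single counter every shadow can read atomically (hypothetical). */
static uint32_t published_epoch;

/* Main MMU changes the accessible range; no update message has been delivered yet. */
static void main_set_range(uint32_t start, uint32_t end) {
    main_mmu.start = start;
    main_mmu.end = end;
    main_mmu.epoch = ++published_epoch;
}

/* Delivery of the update message to shadow MMU i. */
static void deliver_update(int i) { shadow[i] = main_mmu; }

/* Weak check: trusts the local copy even while an update is still in flight. */
static bool shadow_allows(int i, uint32_t addr) {
    return addr >= shadow[i].start && addr <= shadow[i].end;
}

/* Hardened check: fail closed until this shadow holds the latest published range. */
static bool shadow_allows_checked(int i, uint32_t addr) {
    if (shadow[i].epoch != published_epoch) return false;
    return shadow_allows(i, addr);
}

int main(void) {
    main_set_range(0x0000, 0xFFFF);                  /* early-boot range (constructed) */
    for (int i = 0; i < NUM_SHADOWS; i++) deliver_update(i);

    main_set_range(0x0000, 0x7FFF);                  /* boot status changes, range shrinks */
    for (int i = 0; i < NUM_SHADOWS - 1; i++) deliver_update(i);  /* last message delayed */

    printf("shadow 0, 0x9000, weak:    %d\n", shadow_allows(0, 0x9000));
    printf("shadow 4, 0x9000, weak:    %d (stale copy)\n", shadow_allows(4, 0x9000));
    printf("shadow 4, 0x9000, checked: %d\n", shadow_allows_checked(4, 0x9000));
    deliver_update(4);
    printf("shadow 4, 0x9000, weak after update: %d\n", shadow_allows(4, 0x9000));
    return 0;
}
```
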
CVE ID | Title | CVSS | Severity | Published
CVE-2023-4272 | Mali GPU Kernel Driver exposes sensitive data from freed memory — Midgard GPU Kernel Driver | 5.5 | - | 2023-11-07

1 CVE is classified as CWE-1251. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.