CWE-1283 — Vulnerability Class (3)

3 vulnerabilities classified as CWE-1283. AI Chinese analysis included.

CWE-1283 represents a critical hardware security weakness where the registers storing attestation or measurement data for secure boot verification are mutable by an adversary. This vulnerability allows attackers to manipulate the boot flow integrity checks, potentially bypassing secure boot mechanisms to execute malicious code or hide rootkits. Exploitation typically involves physical access or advanced side-channel attacks to alter the hash values stored in these registers, thereby falsifying the system’s trust state. To mitigate this risk, developers must implement strict hardware-enforced write protection for these critical registers, ensuring they are immutable after initial configuration. Additionally, utilizing tamper-resistant packaging and continuous runtime integrity monitoring can detect unauthorized modifications, preserving the authenticity of the boot measurement chain and preventing privilege escalation attacks.

MITRE CWE Description
The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary. A System-on-Chip (SoC) implements secure boot or verified boot. During this boot flow, the SoC often measures the code that it authenticates. The measurement is usually done by calculating the one-way hash of the code binary and extending it to the previous hash. The hashing algorithm should be a Secure One-Way hash function. The final hash, i.e., the value obtained after the completion of the boot flow, serves as the measurement data used in reporting or in attestation. The calculated hash is often stored in registers that can later be read by the party of interest to determine tampering of the boot flow. A common weakness is that the contents in these registers are modifiable by an adversary, thus spoofing the measurement.
Common Consequences (1)
Confidentiality: Read Memory, Read Application Data
Mitigations (1)
Architecture and Design: Measurement data should be stored in registers that are read-only or otherwise have access controls that prevent modification by an untrusted agent.
Examples (1)
The SoC extends the hash and stores the results in registers. Without protection, an adversary can write their chosen hash values to these registers. Thus, the attacker controls the reported results.
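The weakness and its mitigation can be modelled in software, as an added example that is not MITRE's or any vendor's code. The class names, the constructed sample boot images and the TPM-style SHA-256 extend formula are assumptions made for illustration.

```python
import hashlib

ZERO = bytes(32)  # reset value of the measurement register

def extend(prev: bytes, image: bytes) -> bytes:
    # Assumed TPM-style extend: new = SHA-256(prev || SHA-256(image))
    return hashlib.sha256(prev + hashlib.sha256(image).digest()).digest()

def measure(stages) -> bytes:
    """Final measurement a verifier expects for a given list of boot stages."""
    value = ZERO
    for image in stages:
        value = extend(value, image)
    return value

class MutableMeasurementReg:
    """Weak design (CWE-1283): the register accepts direct writes from any agent."""
    def __init__(self):
        self.value = ZERO
    def extend(self, image: bytes) -> None:
        self.value = extend(self.value, image)
    def write(self, raw: bytes) -> None:
        self.value = raw  # no access control on the write path

class ExtendOnlyMeasurementReg(MutableMeasurementReg):
    """Mitigated design: software sees the register as read-only; only extend changes it."""
    def write(self, raw: bytes) -> None:
        raise PermissionError("measurement register is read-only to software")

# Constructed sample boot images (not real firmware).
GOLDEN = [b"bootrom-v1", b"bootloader-v1", b"kernel-v1"]
MODIFIED = [b"bootrom-v1", b"bootloader-modified", b"kernel-v1"]

def boot_and_report(reg, stages, overwrite=None) -> bytes:
    """Measure each stage, then optionally attempt a direct register write."""
    for image in stages:
        reg.extend(image)
    if overwrite is not None:
        try:
            reg.write(overwrite)
        except PermissionError:
            pass  # write blocked; the extended value is preserved
    return reg.value

def verifier_accepts(reported: bytes) -> bool:
    return reported == measure(GOLDEN)

if __name__ == "__main__":
    for cls in (MutableMeasurementReg, ExtendOnlyMeasurementReg):
        ok = verifier_accepts(boot_and_report(cls(), MODIFIED, overwrite=measure(GOLDEN)))
        print(f"{cls.__name__}: modified boot accepted = {ok}")
```

With the writable register the verifier accepts a boot flow it should reject; with the extend-only register the reported value still reflects the modified stage and verification fails.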
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-29038 | tpm2 does not detect if quote was not generated by TPM — tpm2-tools | 4.3 | Medium | 2024-06-28 |
| CVE-2023-3674 | Keylime: attestation failure when the quote's signature does not validate — Red Hat Enterprise Linux 9 | 2.3 | Low | 2023-07-19 |
| CVE-2022-1740 | 2.2.2 MUTABLE ATTESTATION OR MEASUREMENT REPORTING DATA CWE-1283 — ImageCast X application | 6.1 | - | 2022-06-24 |

Vulnerabilities classified as CWE-1283 represent 3 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.