
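CWE-1304 vulnerability list (1)

A summary of the 1 CVE associated with weakness class CWE-1304, including AI analysis in Chinese.

CWE-1304 is a weakness in which the integrity of hardware configuration state is not properly protected. If the system does not verify the integrity of the configuration state across power save and restore operations, an attacker can use this flaw to tamper with the state data held in persistent storage and, after the restore, obtain unintended hardware behavior or privilege escalation. Developers should generate and store a check value when saving state before power-down, and strictly verify that value after the restore, to guarantee the authenticity and consistency of the configuration data and prevent malicious tampering.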

MITRE CWE official description
CWE: CWE-1304 Improper Preservation of Integrity of Hardware Configuration State During a Power Save/Restore Operation

The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation.

Before powering down, the intellectual property (IP) block saves its current state (S) to persistent storage, such as flash or always-on memory, in order to optimize the restore operation. During this process, an attacker with access to the persistent storage may alter (S) to a configuration that could modify privileges, disable protections, and/or cause damage to the hardware. If the IP does not validate the configuration state stored in persistent memory, then upon regaining power or becoming operational again, the IP could be compromised through the activation of an unwanted/harmful configuration.

Common consequences (1)
Scope: Confidentiality, Integrity
Impact: DoS: Instability, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (Other), Gain Privileges or Assume Identity, Bypass Protection Mechanism, Alter Execution Logic, Quality Degradation, Unexpected State, Reduce Maintainability, Reduce Performance, Reduce Reliability

Mitigations (3)
Architecture and Design: Inside the IP, incorporate integrity checking on the configuration state via a cryptographic hash. The hash can be protected inside the IP such as by storing it in internal registers which never lose power. Before powering down, the IP performs a hash of the configuration and sav…
Integration: Outside the IP, incorporate integrity checking of the configuration state via a trusted agent. Before powering down, the trusted agent performs a hash of the configuration and saves the hash in persistent storage. Upon restore, the IP requests the trusted agent validate its curre…
Integration: Outside the IP, incorporate a protected environment that prevents undetected modification of the configuration state by untrusted agents. Before powering down, a trusted agent saves the IP's configuration state in this protected location that only it is privileged to. Upon restor…
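Code examples (1)
The following pseudo code demonstrates the power save/restore workflow which may lead to weakness through a lack of validation of the config state after restore.

Bad · C
```c
/* Pseudo code: the get_/load_/persist_ helpers are assumed to be provided by the platform. */
void save_config_state()
{
    void* cfg;

    cfg = get_config_state();
    persist_config_state(cfg);  /* write state to persistent storage (helper name assumed) */
    go_to_sleep();
}

void restore_config_state()
{
    void* cfg;

    cfg = get_config_file();
    load_config_file(cfg);      /* state is loaded without any integrity validation */
}
```

Good · C
```c
#include <string.h>  /* memcmp */

#define SHA_LEN 32   /* digest length in bytes; assumed, depends on the hash in use */

void save_config_state()
{
    void* cfg;
    void* sha;

    cfg = get_config_state();
    persist_config_state(cfg);  /* write state to persistent storage (helper name assumed) */
    /* save hash(cfg) to trusted location */
    sha = get_hash_of_config_state(cfg);
    save_hash(sha);
    go_to_sleep();
}

void restore_config_state()
{
    void* cfg;
    void *sha_1, *sha_2;

    cfg = get_config_file();
    /* restore hash of config from trusted memory */
    sha_1 = get_persisted_sha_value();
    sha_2 = get_hash_of_config_state(cfg);
    /* compare the digest contents, not the pointer values */
    if (memcmp(sha_1, sha_2, SHA_LEN) != 0)
        assert_error_and_halt();
    load_config_file(cfg);
}
```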
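The save/restore flow above and the first mitigation (digest kept in an always-on internal register) can be exercised end to end with the following model. It is an added example, not MITRE's or this page's code, written in Python so that a real SHA-256 is available; the three-field config layout, the class and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct
# Constructed config layout: privilege level, protection-enable flag, clock divider.
CFG = struct.Struct("<BBH")

class PowerManagedIP:
    """Toy model of an IP block: flash is attacker-reachable, aon_digest is not."""
    def __init__(self, priv, protect, clkdiv):
        self.active = (priv, protect, clkdiv)
        self.flash = b""          # persistent storage outside the trust boundary
        self.aon_digest = None    # always-on internal register, never loses power

    def save(self):
        self.flash = CFG.pack(*self.active)
        self.aon_digest = hashlib.sha256(self.flash).digest()
        self.active = None        # power removed, live state is gone

    def restore_unchecked(self):
        # Weak flow: whatever is in flash becomes the live configuration.
        self.active = CFG.unpack(self.flash)
        return self.active

    def restore_checked(self):
        # Hardened flow: recompute the digest and compare before loading anything.
        digest = hashlib.sha256(self.flash).digest()
        if self.aon_digest is None or not hmac.compare_digest(digest, self.aon_digest):
            raise RuntimeError("config state failed integrity check, halting restore")
        self.active = CFG.unpack(self.flash)
        return self.active

def tamper(ip):
    """Constructed tampering: raise privilege to 3 and clear the protection flag."""
    _, _, clkdiv = CFG.unpack(ip.flash)
    ip.flash = CFG.pack(3, 0, clkdiv)

def demo():
    results = {}
    for name in ("restore_unchecked", "restore_checked"):
        ip = PowerManagedIP(priv=0, protect=1, clkdiv=8)
        ip.save()
        tamper(ip)
        try:
            results[name] = getattr(ip, name)()
        except RuntimeError:
            results[name] = "halted"
    return results

if __name__ == "__main__":
    print(demo())
```

Because the digest is checked before the stored bytes are parsed, truncated or erased storage is rejected by the same path as a modified config.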
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-23485 | Gallagher Controller 6000 and Gallagher Controller 7000 security vulnerability — Controller 6000 and Controller 7000 | 4.6 | Medium | 2024-07-11 |

CWE-1304 is a common weakness category; this platform lists the 1 CVE associated with it.