
CWE-1304 — Vulnerability Class 1

1 vulnerability is classified as CWE-1304. AI Chinese analysis included.

CWE-1304 represents a critical integrity weakness where hardware configuration states are not adequately preserved or verified during power save and restore cycles. This vulnerability typically arises when firmware fails to ensure that the saved state matches the expected configuration upon resumption, allowing attackers to manipulate hardware settings or bypass security controls by exploiting the gap between power-down and power-up. Exploitation often involves inducing unexpected power transitions to corrupt state data, leading to unauthorized access or system instability. To mitigate this risk, developers must implement robust checksums or cryptographic hashes to validate configuration integrity before and after power events. Additionally, utilizing secure boot mechanisms and ensuring that critical state data is stored in tamper-resistant, always-on memory can prevent unauthorized modifications, thereby maintaining system reliability and security during low-power operations.

MITRE CWE Description
The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation. Before powering down, the Intellectual Property (IP) saves current state (S) to persistent storage such as flash or always-on memory in order to optimize the restore operation. During this process, an attacker with access to the persistent storage may alter (S) to a configuration that could potentially modify privileges, disable protections, and/or cause damage to the hardware. If the IP does not validate the configuration state stored in persistent memory, upon regaining power or becoming operational again, the IP could be compromised through the activation of an unwanted/harmful configuration.
Common Consequences (1)
Scope: Confidentiality, Integrity. Impact: DoS: Instability; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Other); Gain Privileges or Assume Identity; Bypass Protection Mechanism; Alter Execution Logic; Quality Degradation; Unexpected State; Reduce Maintainability; Reduce Performance; Reduce Reliability
Mitigations (3)
Architecture and Design: Inside the IP, incorporate integrity checking on the configuration state via a cryptographic hash. The hash can be protected inside the IP such as by storing it in internal registers which never lose power. Before powering down, the IP performs a hash of the configuration and sav…
Integration: Outside the IP, incorporate integrity checking of the configuration state via a trusted agent. Before powering down, the trusted agent performs a hash of the configuration and saves the hash in persistent storage. Upon restore, the IP requests the trusted agent validate its curre…
Integration: Outside the IP, incorporate a protected environment that prevents undetected modification of the configuration state by untrusted agents. Before powering down, a trusted agent saves the IP's configuration state in this protected location that only it is privileged to. Upon restor…
Examples (1)
The following pseudo code demonstrates the power save/restore workflow which may lead to the weakness through a lack of validation of the config state after restore.
Bad · C

void save_config_state() {
    void *cfg;
    cfg = get_config_state();
    write_config_state(cfg);   /* persist cfg to flash / always-on memory */
    go_to_sleep();
}

void restore_config_state() {
    void *cfg;
    cfg = get_config_file();
    load_config_file(cfg);     /* restored state is activated without any integrity check */
}
Good · C

#include <string.h>

void save_config_state() {
    void *cfg;
    void *sha;
    cfg = get_config_state();
    write_config_state(cfg);   /* persist cfg to flash / always-on memory */
    /* save hash(cfg) to trusted location */
    sha = get_hash_of_config_state(cfg);
    save_hash(sha);
    go_to_sleep();
}

void restore_config_state() {
    void *cfg;
    void *sha_1, *sha_2;       /* both point at hash buffers of HASH_LEN bytes */
    cfg = get_config_file();
    /* restore hash of config from trusted memory */
    sha_1 = get_persisted_sha_value();
    sha_2 = get_hash_of_config_state(cfg);
    /* compare the digest bytes, not the two pointer values */
    if (memcmp(sha_1, sha_2, HASH_LEN) != 0)
        assert_error_and_halt();
    load_config_file(cfg);
}
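The "Good" workflow above carried through as a runnable model, added here as an example and not taken from MITRE or any product: the IP's configuration state is a constructed struct, persistent storage and the IP's always-on hash register are two global buffers, and FNV-1a stands in for the cryptographic hash a real IP would use. It shows that an altered persisted state is refused on restore while an untouched one round-trips.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed model of the IP's configuration state (hypothetical fields). */
typedef struct {
    uint32_t privilege_level;   /* 0 = user, 3 = supervisor */
    uint32_t write_protect;     /* 1 = flash write protection enabled */
    uint32_t clock_divider;
} config_state_t;

/* Persistent storage that other agents can reach (flash / always-on RAM). */
static config_state_t persistent_cfg;
/* Internal register that never loses power and is not reachable outside the IP. */
static uint64_t internal_hash_reg;

/* FNV-1a 64-bit stands in for the cryptographic hash (e.g. SHA-256) a real IP would use. */
static uint64_t hash_state(const config_state_t *cfg) {
    const uint8_t *p = (const uint8_t *)cfg;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < sizeof *cfg; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Before powering down: persist the state and keep its hash inside the IP. */
void save_config_state(const config_state_t *live) {
    persistent_cfg = *live;
    internal_hash_reg = hash_state(live);
}

/* On power-up: load the persisted state only if it still matches the internal hash.
   Returns 1 on success, 0 when the state was altered (nothing is activated). */
int restore_config_state(config_state_t *live) {
    config_state_t candidate = persistent_cfg;
    if (hash_state(&candidate) != internal_hash_reg) return 0;   /* halt, do not load */
    *live = candidate;
    return 1;
}

/* Models the untrusted write to persistent storage that the CWE describes. */
void modify_persistent_state(uint32_t privilege_level, uint32_t write_protect) {
    persistent_cfg.privilege_level = privilege_level;
    persistent_cfg.write_protect = write_protect;
}

/* Scenario: save, optionally alter the stored state while asleep, then restore.
   Returns restore_config_state()'s verdict: 1 = loaded, 0 = rejected. */
int run_scenario(int altered) {
    config_state_t live = {0, 1, 4}, out = {0, 0, 0};
    save_config_state(&live);
    if (altered) modify_persistent_state(3, 0);
    return restore_config_state(&out);
}
```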
CVE ID | Title | CVSS | Severity | Published
CVE-2024-23485 | Gallagher Controller 6000 and Gallagher Controller 7000 security vulnerability (Controller 6000 and Controller 7000) | 4.6 | Medium | 2024-07-11

Vulnerabilities classified as CWE-1304 represent 1 CVE. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.