CWE-1312 — Vulnerability Class 1

1 vulnerability classified as CWE-1312.

CWE-1312 represents a critical architectural weakness where on-chip fabric firewalls fail to enforce security policies on mirrored memory or memory-mapped I/O regions. While these mirrored areas provide essential fault tolerance by duplicating data, they often bypass the protective mechanisms applied to the primary addressed regions. Attackers typically exploit this gap by targeting the unprotected mirrored segments to read sensitive information or inject malicious code, effectively circumventing the intended isolation boundaries. This oversight allows unauthorized access to critical system resources that should remain secure. To mitigate this risk, developers must ensure that firewall rules and access control lists are consistently applied to all redundant memory copies. Rigorous verification of the on-chip fabric configuration is essential to guarantee that mirrored regions receive the same level of protection as their original counterparts, thereby maintaining the integrity of the entire system architecture.

MITRE CWE Description
The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions. Few fabrics mirror memory and address ranges, where mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If not, an attacker could bypass existing read/write protections by reading from/writing to the mirrored regions to leak or corrupt the original data.
Common Consequences (1)
Scope: Confidentiality, Integrity, Access Control. Impact: Modify Memory, Read Memory, Bypass Protection Mechanism
Mitigations (2)
Architecture and Design: The fabric firewall should apply the same protections as the original region to the mirrored regions.
Implementation: The fabric firewall should apply the same protections as the original region to the mirrored regions.
Examples (1)
A memory-controller IP block is connected to the on-chip fabric in a System on Chip (SoC). The memory controller is configured to divide the memory into four parts: one original and three mirrored regions inside the memory. The upper two bits of the address indicate which region is being addressed. 00 indicates the original region and 01, 10, and 11 are used to address the mirrored regions. All f…
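
The mirroring scheme in the example above (the upper two address bits select the original region or one of three mirrors) can be checked mechanically against a firewall rule set. The following is an added example, not part of the CWE entry; the 32-bit address width, the (start, end, policy) rule format and the sample rules are assumptions constructed for illustration.

```python
# Added example: audit fabric firewall rules for mirror aliases that lack the
# policy applied to the original range.
# Assumptions (not from the page): 32-bit addresses, inclusive (start, end, policy) rules.
ADDR_BITS = 32
REGION_SHIFT = ADDR_BITS - 2            # upper two bits: 00 original, 01/10/11 mirrors
OFFSET_MASK = (1 << REGION_SHIFT) - 1

def aliases(start, end):
    """Return the same offset range as seen in each of the four regions."""
    lo, hi = start & OFFSET_MASK, end & OFFSET_MASK
    return [((r << REGION_SHIFT) | lo, (r << REGION_SHIFT) | hi) for r in range(4)]

def covered(lo, hi, intervals):
    """True if [lo, hi] lies entirely inside the union of the inclusive intervals."""
    nxt = lo
    for s, e in sorted(intervals):
        if s > nxt:                     # gap before the next rule starts
            break
        nxt = max(nxt, e + 1)
        if nxt > hi:
            return True
    return False

def unprotected_aliases(rules):
    """List ((start, end), alias_lo, alias_hi) for aliases missing the rule's policy."""
    gaps = []
    for start, end, policy in rules:
        if start >> REGION_SHIFT != end >> REGION_SHIFT:
            raise ValueError("rule spans a region boundary; split it first")
        same_policy = [(s, e) for s, e, p in rules if p == policy]
        for lo, hi in aliases(start, end):
            if not covered(lo, hi, same_policy):
                gaps.append(((start, end), lo, hi))
    return gaps

# Constructed sample rule sets (hypothetical addresses and policy name).
WEAK_RULES = [(0x0000_1000, 0x0000_1FFF, "secure-only")]       # original region only
FIXED_RULES = WEAK_RULES + [
    (0x4000_1000, 0x4000_1FFF, "secure-only"),                 # mirror 01
    (0x8000_1000, 0x8000_1FFF, "secure-only"),                 # mirror 10
    (0xC000_1000, 0xC000_1FFF, "secure-only"),                 # mirror 11
]

if __name__ == "__main__":
    for rule, lo, hi in unprotected_aliases(WEAK_RULES):
        print(f"rule {rule[0]:#010x}-{rule[1]:#010x}: alias {lo:#010x}-{hi:#010x} unprotected")
    print("fixed rule set gaps:", unprotected_aliases(FIXED_RULES))
```
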
CVE ID | Title | CVSS | Severity | Published
CVE-2018-25244 | Eco Search 1.0.2.0 Denial of Service — Eco Search | 6.2 | Medium | 2026-04-04

Vulnerabilities classified as CWE-1312 represent 1 CVE. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.