CWE-1314 — Vulnerability Class 1

1 vulnerability classified as CWE-1314. AI Chinese analysis included.

CWE-1314 represents a critical configuration weakness where parametric data values, specifically sensor scaling factors, lack write protection. This vulnerability allows untrusted software to manipulate the apparent sensor readings, effectively bypassing hardware safeguards designed to detect operational limits. Attackers typically exploit this by altering threshold values to hide malicious activities or induce hardware damage, leading to potential system failure or physical destruction of components. Since these limits are often set by hardware fuses or trusted software, the absence of enforcement mechanisms creates a significant security gap. Developers can mitigate this risk by implementing strict access controls on configuration registers, utilizing hardware-enforced write protection mechanisms, and ensuring that only authenticated, privileged processes can modify critical sensor parameters. Regular security audits and code reviews further help identify and rectify these unprotected data paths before deployment.

MITRE CWE Description
The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure. Various sensors are used by hardware to detect any devices operating outside of the design limits. The threshold limit values are set by hardware fuses or trusted software such as the BIOS. These limits may be related to thermal, power, voltage, current, and frequency. Hardware mechanisms may be used to protect against alteration of the threshold limit values by untrusted software. The limit values are generally programmed in standard units for the type of value being read. However, the hardware-sensor blocks may report the settings in different units depending upon sensor design and operation. The raw sensor output value is converted to the desired units using a scale conversion based on the parametric data programmed into the sensor. The final converted value is then compared with the previously programmed limits. While the limit values are usually protected, the sensor parametric data values may not be. By changing the parametric data, safe operational limits may be bypassed.
Common Consequences (1)
Availability · Quality Degradation, DoS: Resource Consumption (Other)
Sensor value manipulation, particularly thermal or power, may allow physical damage to occur or disabling of the device by a false fault shutdown causing a Denial-Of-Service.
Mitigations (1)
Architecture and Design
Access controls for sensor blocks should ensure that only trusted software is allowed to change threshold limits and sensor parametric data.
Effectiveness: High
Examples (1)
Malicious software executes instructions to increase power consumption to the highest possible level while causing the clock frequency to increase to its maximum value. Such a program executing for an extended period of time would likely overheat the device, possibly resulting in permanent damage to the device. A ring, oscillator-based temperature sensor will generally report the sensed val…
The sensor frequency value is scaled by applying the function: Sensed Temp = a + b * Sensor Freq where a and b are the programmable calibration data coefficients. Software sets a and b to zero ensuring the sensed temperature is always zero.
Bad · Other
The sensor frequency value is scaled by applying the function: Sensed Temp = a + b * Sensor Freq where a and b are the programmable calibration data coefficients. Untrusted software is prevented from changing the values of either a or b, preventing this method of manipulating the temperature.
Good · Other
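The Bad and Good cases above, modelled in C as an added example (not MITRE's or any vendor's code). The register layout, the sticky `cal_lock` bit and the numeric calibration values are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a thermal sensor block; all names and values are illustrative. */
typedef struct {
    int32_t a;         /* calibration offset, milli-degrees C */
    int32_t b;         /* calibration gain, milli-degrees C per MHz */
    int32_t limit_mc;  /* trip limit, milli-degrees C (assumed already protected) */
    bool    cal_lock;  /* sticky lock bit: set once by trusted boot code */
} sensor_block;

/* Trusted boot code programs the calibration, then optionally sets the lock. */
static void boot_init(sensor_block *s, bool set_lock) {
    s->a = -40000; s->b = 500; s->limit_mc = 100000;
    s->cal_lock = set_lock;
}

/* Write path for a and b. Returns true if the write was accepted. */
static bool write_cal(sensor_block *s, int32_t a, int32_t b) {
    if (s->cal_lock)
        return false;              /* write dropped, coefficients unchanged */
    s->a = a; s->b = b;
    return true;
}

/* Sensed Temp = a + b * Sensor Freq, then compared with the limit. */
static int32_t sensed_temp(const sensor_block *s, int32_t freq_mhz) {
    return s->a + s->b * freq_mhz;
}
static bool thermal_trip(const sensor_block *s, int32_t freq_mhz) {
    return sensed_temp(s, freq_mhz) > s->limit_mc;
}

/* Untrusted software tries to zero a and b; the raw sensor output then reads
   300 MHz. Returns true if the over-temperature trip still fires. */
bool trip_survives_tamper(bool set_lock) {
    sensor_block s;
    boot_init(&s, set_lock);
    write_cal(&s, 0, 0);           /* the Bad case succeeds only when unlocked */
    return thermal_trip(&s, 300);  /* untampered reading: 110000 milli-degrees C */
}

int main(void) {
    printf("unlocked: trip=%d\n", trip_survives_tamper(false));
    printf("locked:   trip=%d\n", trip_survives_tamper(true));
    return 0;
}
```

The limit register is never touched in either run; only the scaling coefficients decide whether the comparison can still fire.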
CVE ID | Title | CVSS | Severity | Published
CVE-2026-40188 | goshs is Missing Write Protection for Parametric Data Values — goshs | 7.7 | High | 2026-04-10

Vulnerabilities classified as CWE-1314 represent 1 CVE. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.