Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1316 — Vulnerability Class 1

1 vulnerabilities classified as CWE-1316. AI Chinese analysis included.

CWE-1316 represents a critical hardware configuration weakness where the on-chip fabric’s address map permits unintended overlaps between protected and unprotected memory regions. This misconfiguration effectively undermines access control mechanisms, as the hardware fails to enforce strict boundaries between secure and non-secure spaces. Attackers typically exploit this flaw by targeting the overlapping address range, thereby bypassing security checks to read or write sensitive data that should remain isolated. Such exploitation can lead to unauthorized data disclosure or privilege escalation within the system. To prevent this vulnerability, developers must rigorously validate address map configurations during the design phase, ensuring that range registers are programmed to eliminate any spatial intersection between protected and unprotected zones. Automated verification tools and strict hardware security policies are essential to maintain clear, non-overlapping boundaries in both memory and MMIO spaces.

MITRE CWE Description
The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region. Various ranges can be defined in the system-address map, either in the memory or in Memory-Mapped-IO (MMIO) space. These ranges are usually defined using special range registers that contain information, such as base address and size. Address decoding is the process of determining for which range the incoming transaction is destined. To ensure isolation, ranges containing secret data are access-control protected. Occasionally, these ranges could overlap. The overlap could either be intentional (e.g. due to a limited number of range registers or limited choice in choosing size of the range) or unintentional (e.g. introduced by errors). Some hardware designs allow dynamic remapping of address ranges assigned to peripheral MMIO ranges. In such designs, intentional address overlaps can be created through misconfiguration by malicious software. When protected and unprotected ranges overlap, an attacker could send a transaction and potentially compromise the protections in place, violating the principle of least privilege.
Common Consequences (1)
Confidentiality, Integrity, Access Control, AuthorizationBypass Protection Mechanism, Read Memory, Modify Memory
Mitigations (3)
Architecture and DesignWhen architecting the address map of the chip, ensure that protected and unprotected ranges are isolated and do not overlap. When designing, ensure that ranges hardcoded in Register-Transfer Level (RTL) do not overlap.
ImplementationRanges configured by firmware should not overlap. If overlaps are mandatory because of constraints such as a limited number of registers, then ensure that no assets are present in the overlapped portion.
TestingValidate mitigation actions with robust testing.
Examples (1)
An on-chip fabric supports a 64KB address space that is memory-mapped. The fabric has two range registers that support creation of two protected ranges with specific size constraints--4KB, 8KB, 16KB or 32KB. Assets that belong to user A require 4KB, and those of user B require 20KB. Registers and other assets that are not security-sensitive require 40KB. One range register is configured to progr…
CVE IDTitleCVSSSeverityPublished
CVE-2019-25655 Device Monitoring Studio 8.10.00.8925 Denial of Service — Device Monitoring Studio 6.2 Medium2026-03-30

Vulnerabilities classified as CWE-1316 represent 1 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.