目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CWE-1326 类漏洞列表 8

CWE-1326 类弱点 8 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-1326指硬件中缺失不可变的信任根,导致安全启动机制失效。攻击者可利用此缺陷绕过固件验证,执行恶意或未经授权的引导代码,从而完全控制设备底层。开发者需确保SoC内置硬件级只读密钥或熔丝,严格验证签名链,防止信任根被篡改或替换,从物理层面确立可信启动基础,阻断恶意代码注入路径。

MITRE CWE 官方描述
CWE:CWE-1326 硬件中缺少不可变信任根(Immutable Root of Trust) 硬件中缺少不可变信任根(Immutable Root of Trust)会导致能够绕过安全启动(Secure Boot)或执行不受信任或敌对的启动代码。 系统级芯片(SoC)通过验证或认证签名启动代码来实现安全启动(Secure Boot)。代码的签名由 SoC 信任的实体完成。在执行启动代码之前,SoC 会验证代码或用于签名代码的公钥是否未被篡改。SoC 所依赖的其他数据是系统硬件设置,例如熔丝(Fuses)中的配置,如“是否启用安全启动(Secure Boot)”。这些数据在建立用于执行安全启动流程的信任根(Root of Trust, RoT)方面起着至关重要的作用。实现 RoT 的众多方法之一是将代码和数据存储在内存或熔丝中。该内存应当是不可变的,即一旦 RoT 被编程/配置到内存中,该内存应被锁定并防止进一步的编程或写入。如果内存内容(即 RoT)是可变的,那么攻击者可以修改 RoT 以执行其选择的代码,从而导致安全启动(Secure Boot)被破坏。需要注意的是,对于 ROM 等组件,应支持安全修补/更新功能,以允许在现场进行经过认证和授权的更新。
常见影响 (1)
Authentication, AuthorizationGain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Modify Memory
缓解措施 (2)
Architecture and DesignWhen architecting the system, the RoT should be designated for storage in a memory that does not allow further programming/writes.
ImplementationDuring implementation and test, the RoT memory location should be demonstrated to not allow further programming/writes.
代码示例 (2)
The RoT is stored in memory. This memory can be modified by an adversary. For example, if an SoC implements "Secure Boot" by storing the boot code in an off-chip/on-chip flash, the contents of the flash can be modified by using a flash programmer. Similarly, if the boot code is stored in ROM (Read-Only Memory) but the public key or the hash of the public key (used to enable "Secure Boot") is store…
The example code below is a snippet from the bootrom of the HACK@DAC'19 buggy OpenPiton SoC [REF-1348]. The contents of the bootrom are critical in implementing the hardware root of trust.
... always_ff @(posedge clk_i) begin if (req_i) begin if (!we_i) begin raddr_q <= addr_i[$clog2(RomSize)-1+3:3]; end else begin mem[addr_i[$clog2(RomSize)-1+3:3]] <= wdata_i; end end end ... // this prevents spurious Xes from propagating into the speculative fetch stage of the core assign rdata_o = (raddr_q < RomSize) ? mem[raddr_q] : '0; ...
Bad · Verilog
... always_ff @(posedge clk_i) begin if (req_i) begin raddr_q <= addr_i[$clog2(RomSize)-1+3:3]; end end ... // this prevents spurious Xes from propagating into the speculative fetch stage of the core assign rdata_o = (raddr_q < RomSize) ? mem[raddr_q] : '0; ...
Good · Verilog
CVE ID标题CVSS风险等级Published
CVE-2025-34502 Light & Wonder Deck Mate 安全漏洞 — Deck Mate 2 6.8 -2025-10-24
CVE-2025-5834 Pioneer DMH-WT7600NEX 安全漏洞 — DMH-WT7600NEX 7.8AIHighAI2025-06-25
CVE-2025-31929 Siemens VersiCharge AC Series 安全漏洞 — IEC 1Ph 7.4kW Child socket 4.2 Medium2025-05-13
CVE-2025-2762 CarlinKit CPC200-CCPA 安全漏洞 — CPC200-CCPA 7.8 -2025-04-23
CVE-2024-8357 Visteon Infotainment 安全漏洞 — Infotainment 7.8 -2024-11-22
CVE-2024-30111 HCL Technologies HCL DRYiCE AEX 安全漏洞 — DRYiCE AEX 3.3 Low2024-06-28
CVE-2024-32742 Siemens SIMATIC CN 4100 安全漏洞 — SIMATIC CN 4100 7.6 High2024-05-14
CVE-2022-38773 Siemens SIMATIC S7-1500 安全漏洞 — SIMATIC Drive Controller CPU 1504D TF 4.6 Medium2023-01-10

CWE-1326 是常见的弱点类别,本平台收录该类弱点关联的 8 条 CVE 漏洞。