Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1326 — Vulnerability Class 8

8 vulnerabilities classified as CWE-1326. AI Chinese analysis included.

CWE-1326 represents a critical hardware design flaw where the foundational root of trust lacks immutability, allowing attackers to subvert secure boot mechanisms. This weakness typically manifests when the hardware’s initial verification stage relies on mutable storage or keys that can be altered, enabling adversaries to inject malicious boot code or bypass authentication checks entirely. By compromising the immutable root, attackers gain persistent low-level access, potentially leading to full system compromise and data exfiltration. To mitigate this risk, developers must ensure that the root of trust is established in read-only, hardware-enforced memory regions, such as one-time programmable fuses or secure boot ROMs. Rigorous validation of the boot chain’s integrity and strict separation between mutable software and immutable hardware components are essential strategies to prevent unauthorized code execution and maintain system authenticity from the earliest stages of initialization.

MITRE CWE Description
A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code. A System-on-Chip (SoC) implements secure boot by verifying or authenticating signed boot code. The signing of the code is achieved by an entity that the SoC trusts. Before executing the boot code, the SoC verifies that the code or the public key with which the code has been signed has not been tampered with. The other data upon which the SoC depends are system-hardware settings in fuses such as whether "Secure Boot is enabled". These data play a crucial role in establishing a Root of Trust (RoT) to execute secure-boot flows. One of the many ways RoT is achieved is by storing the code and data in memory or fuses. This memory should be immutable, i.e., once the RoT is programmed/provisioned in memory, that memory should be locked and prevented from further programming or writes. If the memory contents (i.e., RoT) are mutable, then an adversary can modify the RoT to execute their choice of code, resulting in a compromised secure boot. Note that, for components like ROM, secure patching/update features should be supported to allow authenticated and authorized updates in the field.
Common Consequences (1)
Authentication, AuthorizationGain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Modify Memory
Mitigations (2)
Architecture and DesignWhen architecting the system, the RoT should be designated for storage in a memory that does not allow further programming/writes.
ImplementationDuring implementation and test, the RoT memory location should be demonstrated to not allow further programming/writes.
Examples (2)
The RoT is stored in memory. This memory can be modified by an adversary. For example, if an SoC implements "Secure Boot" by storing the boot code in an off-chip/on-chip flash, the contents of the flash can be modified by using a flash programmer. Similarly, if the boot code is stored in ROM (Read-Only Memory) but the public key or the hash of the public key (used to enable "Secure Boot") is store…
The example code below is a snippet from the bootrom of the HACK@DAC'19 buggy OpenPiton SoC [REF-1348]. The contents of the bootrom are critical in implementing the hardware root of trust.
... always_ff @(posedge clk_i) begin if (req_i) begin if (!we_i) begin raddr_q <= addr_i[$clog2(RomSize)-1+3:3]; end else begin mem[addr_i[$clog2(RomSize)-1+3:3]] <= wdata_i; end end end ... // this prevents spurious Xes from propagating into the speculative fetch stage of the core assign rdata_o = (raddr_q < RomSize) ? mem[raddr_q] : '0; ...
Bad · Verilog
... always_ff @(posedge clk_i) begin if (req_i) begin raddr_q <= addr_i[$clog2(RomSize)-1+3:3]; end end ... // this prevents spurious Xes from propagating into the speculative fetch stage of the core assign rdata_o = (raddr_q < RomSize) ? mem[raddr_q] : '0; ...
Good · Verilog
CVE IDTitleCVSSSeverityPublished
CVE-2025-34502 Shuffle Master Deck Mate 2 Missing Secure Boot — Deck Mate 2 6.8 -2025-10-24
CVE-2025-5834 Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability — DMH-WT7600NEX 7.8AIHighAI2025-06-25
CVE-2025-31929 Siemens VersiCharge AC Series 安全漏洞 — IEC 1Ph 7.4kW Child socket 4.2 Medium2025-05-13
CVE-2025-2762 CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability — CPC200-CCPA 7.8 -2025-04-23
CVE-2024-8357 Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability — Infotainment 7.8 -2024-11-22
CVE-2024-30111 Missing Root Detection vulnerability affects DRYiCE AEX v10 — DRYiCE AEX 3.3 Low2024-06-28
CVE-2024-32742 Siemens SIMATIC CN 4100 安全漏洞 — SIMATIC CN 4100 7.6 High2024-05-14
CVE-2022-38773 Siemens SIMATIC S7-1500 安全漏洞 — SIMATIC Drive Controller CPU 1504D TF 4.6 Medium2023-01-10

Vulnerabilities classified as CWE-1326 represent 8 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.