CAPEC-680: Exploitation of Improperly Controlled Registers
Attack Pattern ID: 680
Version: v3.9
Attack Pattern Name: Exploitation of Improperly Controlled Registers
Abstraction: Detailed
Status: Draft
Likelihood of Attack: Medium
Typical Severity: High
▼Description

An adversary exploits missing or incorrectly configured access control within registers to read/write data that is not meant to be obtained or modified by a user.

▼Extended Description

Hardware systems often utilize trusted lock bits to prevent a set of registers from being written to or to restrict a register to only being written to once. Registers are also frequently used to store sensitive data leveraged in additional security operations, such as secure booting, authenticating code, device attestation, and more. However, the access control mechanisms meant to protect these registers may be fully missing or ineffective due to misconfiguration. If an adversary is able to discover improper access controls surrounding registers, it could result in the adversary obtaining sensitive data and/or modifying data that is meant to be immutable. This can ultimately result in processes like secure boot being circumvented or in protected configurations being modified.

▼Alternate Terms
▼Relationships
Nature: ChildOf
Type: Standard
ID: 1
Name: Accessing Functionality Not Properly Constrained by ACLs

Nature: ChildOf
Type: Standard
ID: 180
Name: Exploiting Incorrectly Configured Access Control Security Levels
▼Execution Flow
▼Prerequisites
Awareness of the hardware being leveraged.
Access to the hardware being leveraged.
▼Skills Required
High

Intricate knowledge of registers.

▼Resources Required
▼Indicators
▼Consequences
Scope: Integrity
Likelihood: N/A
Impact: Modify Data
Note: N/A

Scope: Confidentiality
Likelihood: N/A
Impact: Read Data
Note: N/A
▼Mitigations
Design proper access control policies for hardware register access from software and ensure these policies are implemented in accordance with the specified design.
Ensure security lock bit protections are reviewed for design inconsistencies and common weaknesses.
Test security lock programming flow in both pre-silicon and post-silicon environments.
Leverage automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.
Ensure that measurement data is stored in registers that are read-only or otherwise have access controls that prevent modification by an untrusted agent.
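
The lock-bit and write-once checks named in the mitigations above can be expressed as properties over a register model. The following is an added example, not part of the CAPEC entry: the register block, its field names and the two "flawed" switches are hypothetical, constructed only to show what such an automated test asserts.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed software model of a register block (hypothetical layout). */
typedef struct {
    uint32_t cfg;         /* protected configuration, guarded by lock */
    bool     lock;        /* sticky lock bit: only a reset may clear it */
    uint32_t wo_field;    /* write-once field */
    bool     wo_written;  /* must track "was written", not "is non-zero" */
    bool     flawed_wo;   /* model defect: a zero write does not latch (CWE-1224) */
    bool     flawed_lock; /* model defect: software can clear the lock (CWE-1231) */
} regblock;

static void reg_reset(regblock *r, bool flawed_wo, bool flawed_lock) {
    *r = (regblock){ .flawed_wo = flawed_wo, .flawed_lock = flawed_lock };
}
static void write_cfg(regblock *r, uint32_t v) { if (!r->lock) r->cfg = v; }
static void write_lock(regblock *r, bool v) {
    if (v) r->lock = true;
    else if (r->flawed_lock) r->lock = false;  /* correct design ignores this */
}
static void write_wo(regblock *r, uint32_t v) {
    if (r->wo_written) return;                 /* already latched */
    r->wo_field = v;
    r->wo_written = r->flawed_wo ? (v != 0) : true;
}

enum { FAIL_WO_ZERO = 1, FAIL_LOCK_CLEAR = 2, FAIL_CFG_AFTER_LOCK = 4 };

/* Runs the property checks and returns a bitmask of violated properties. */
int check_lock_properties(bool flawed_wo, bool flawed_lock) {
    regblock r; int fails = 0;
    reg_reset(&r, flawed_wo, flawed_lock);
    write_wo(&r, 0);                 /* first write happens to be zero */
    write_wo(&r, 0xDEADBEEFu);       /* second write must be ignored */
    if (r.wo_field != 0) fails |= FAIL_WO_ZERO;
    write_cfg(&r, 0x11); write_lock(&r, true);
    write_cfg(&r, 0x22);             /* must be blocked by the lock */
    if (r.cfg != 0x11) fails |= FAIL_CFG_AFTER_LOCK;
    write_lock(&r, false);           /* attempt to unlock from software */
    write_cfg(&r, 0x33);
    if (!r.lock || r.cfg != 0x11) fails |= FAIL_LOCK_CLEAR;
    return fails;
}

int main(void) {
    printf("correct=%d flawed_wo=%d flawed_lock=%d\n",
           check_lock_properties(false, false),
           check_lock_properties(true, false),
           check_lock_properties(false, true));
    return 0;
}
```

The same three properties apply unchanged when the write helpers are replaced by accesses to an RTL simulation or a post-silicon register interface.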
▼Example Instances
▼Related Weaknesses
CWE-1224: Improper Restriction of Write-Once Bit Fields
CWE-1231: Improper Prevention of Lock Bit Modification
CWE-1233: Security-Sensitive Hardware Controls with Missing Lock Bit Protection
CWE-1262: Improper Access Control for Register Interface
CWE-1283: Mutable Attestation or Measurement Reporting Data
▼Taxonomy Mappings
▼Notes
▼References
Reference ID: REF-693
Title: Huge Intel CPU Bug Allegedly Causes Kernel Memory Vulnerability With Up To 30% Performance Hit In Windows And Linux
Author: Brandon Hill
Publisher: David Altavilla and Hot Hardware, Inc
URL: https://hothardware.com/news/intel-cpu-bug-kernel-memory-isolation-linux-windows-macos
URL Date: 2021-10-21
Date: 2018-01-02