{"@ID": "1189", "@Name": "Improper Isolation of Shared Resources on System-on-a-Chip (SoC)", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Stable", "Description": "The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.", "Extended_Description": {"xhtml:p": "A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents."}, "Related_Weaknesses": {"Related_Weakness": [{"@Nature": "ChildOf", "@CWE_ID": "653", "@View_ID": "1000", "@Ordinal": "Primary"}, {"@Nature": "ChildOf", "@CWE_ID": "668", "@View_ID": "1000"}, {"@Nature": "PeerOf", "@CWE_ID": "1331", "@View_ID": "1000"}]}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Primary"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Technology": {"@Class": "System on Chip", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Architecture and Design"}, {"Phase": "Implementation"}]}, "Common_Consequences": {"Consequence": [{"Scope": "Access Control", "Impact": "Bypass Protection Mechanism", "Note": "If resources being used by a trusted user are shared with an untrusted user, the untrusted user may be able to modify the functionality of the shared resource of the trusted user."}, {"Scope": "Integrity", "Impact": "Quality Degradation", "Note": "The functionality of the shared resource may be intentionally degraded."}]}, "Detection_Methods": {"Detection_Method": {"Method": "Automated Dynamic Analysis", "Description": {"xhtml:p": "Pre-silicon / post-silicon: Test access to shared systems resources (memory ranges, control registers, etc.) from untrusted software to verify that the assets are not incorrectly exposed to untrusted agents. Note that access to shared resources can be dynamically allowed or revoked based on system flows. Security testing should cover such dynamic shared resource allocation and access control modification flows."}, "Effectiveness": "High"}}, "Potential_Mitigations": {"Mitigation": {"Phase": "Architecture and Design", "Strategy": "Separation of Privilege", "Description": {"xhtml:p": ["When sharing resources, avoid mixing agents of varying trust levels.", "Untrusted agents should not share resources with trusted agents."]}}}, "Demonstrative_Examples": {"Demonstrative_Example": {"Intro_Text": "Consider the following SoC\n\t      design. The Hardware Root of Trust (HRoT) local SRAM is memory mapped in the core{0-N}\n\t      address space. The HRoT allows or disallows access to private memory ranges, thus\n\t      allowing the sram to function as a mailbox for communication between untrusted and\n\t      trusted HRoT partitions.", "Body_Text": {"xhtml:img": {"@src": "/data/images/HRoT-CWE.png", "@alt": "Hardware Root of Trust"}, "xhtml:p": "We assume that the threat is from malicious software in\n\t      the untrusted domain. We assume this software has access\n\t      to the core{0-N} memory map and can be running at any\n\t      privilege level on the untrusted cores. The capability\n\t      of this threat in this example is communication to and\n\t      from the mailbox region of SRAM modulated by the\n\t      hrot_iface. To address this threat, information must not\n\t      enter or exit the shared region of SRAM through\n\t      hrot_iface when in secure or privileged mode."}}}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-2020-8698", "Description": "Processor has improper isolation of shared resources allowing for information disclosure.", "Link": "https://www.cve.org/CVERecord?id=CVE-2020-8698"}, {"Reference": "CVE-2019-6260", "Description": "Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138].", "Link": "https://www.cve.org/CVERecord?id=CVE-2019-6260"}]}, "Related_Attack_Patterns": {"Related_Attack_Pattern": {"@CAPEC_ID": "124"}}, "References": {"Reference": [{"@External_Reference_ID": "REF-1036"}, {"@External_Reference_ID": "REF-1138"}]}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Name": "Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi", "Submission_Organization": "Intel Corporation", "Submission_Date": "2019-10-15", "Submission_Version": "4.0", "Submission_ReleaseDate": "2020-02-24"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-08-20", "Modification_Version": "4.2", "Modification_ReleaseDate": "2020-08-20", "Modification_Comment": "updated Common_Consequences, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-12-10", "Modification_Version": "4.3", "Modification_ReleaseDate": "2020-12-10", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-07-20", "Modification_Version": "4.5", "Modification_ReleaseDate": "2021-07-20", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-10-28", "Modification_Version": "4.6", "Modification_ReleaseDate": "2021-10-28", "Modification_Comment": "updated Description, Observed_Examples, References, Relationships, Weakness_Ordinalities"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2022-10-13", "Modification_Version": "4.9", "Modification_ReleaseDate": "2022-10-13", "Modification_Comment": "updated Detection_Factors"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Observed_Examples, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-04-03", "Modification_Version": "4.17", "Modification_ReleaseDate": "2025-04-03", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-09-09", "Modification_Version": "4.18", "Modification_ReleaseDate": "2025-09-09", "Modification_Comment": "updated Relationships"}], "Contribution": [{"@Type": "Content", "Contribution_Organization": "Cycuity (originally submitted as Tortuga Logic)", "Contribution_Date": "2021-07-16", "Contribution_Comment": "Provided Demonstrative Example for Hardware Root of Trust."}, {"@Type": "Content", "Contribution_Name": "Hareesh Khattri", "Contribution_Organization": "Intel Corporation", "Contribution_Date": "2021-10-22", "Contribution_Comment": "provided observed example"}, {"@Type": "Content", "Contribution_Name": "Hareesh Khattri", "Contribution_Organization": "Intel Corporation", "Contribution_Date": "2022-04-18", "Contribution_Comment": "changed detection method"}], "Previous_Entry_Name": {"@Date": "2020-08-20", "#text": "Improper Isolation of Shared Resources on System-on-Chip (SoC)"}}}
