CWE-1245Improper Finite State Machines (FSMs) in Hardware Logic

PUBLISHEDweakness record
released 2020-02-24 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1245
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2020-02-24
更新日期:
2025-12-11

名称

Improper Finite State Machines (FSMs) in Hardware Logic

描述

Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim's system.

The functionality and security of the system heavily depend on the implementation of FSMs. FSMs can be used to indicate the current security state of the system. Lots of secure data operations and data transfers rely on the state reported by the FSM.

常见后果

范围:
Availability, Access Control
影响:
Unexpected State, DoS: Crash, Exit, or Restart, DoS: Instability, Gain Privileges or Assume Identity
注释:
Faulty FSM designs that do not account for all states, either through undefined states (left as don't cares) or through incorrect implementation, might lead an attacker to drive the system into an unstable state from which the system cannot recover without a reset, thus causing a DoS. Depending on what the FSM is used for, an attacker might also gain additional privileges to launch further attacks and compromise the security guarantees.

相关 CWE