CWE-1304Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

PUBLISHEDweakness record
released 2020-08-20 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1304
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2020-08-20
更新日期:
2025-12-11

名称

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

描述

The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation.

Before powering down, the Intellectual Property (IP) saves current state (S) to persistent storage such as flash or always-on memory in order to optimize the restore operation. During this process, an attacker with access to the persistent storage may alter (S) to a configuration that could potentially modify privileges, disable protections, and/or cause damage to the hardware. If the IP does not validate the configuration state stored in persistent memory, upon regaining power or becoming operational again, the IP could be compromised through the activation of an unwanted/harmful configuration.

常见后果

范围:
Confidentiality, Integrity
影响:
DoS: Instability, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (Other), Gain Privileges or Assume Identity, Bypass Protection Mechanism, Alter Execution Logic, Quality Degradation, Unexpected State, Reduce Maintainability, Reduce Performance, Reduce Reliability

相关 CWE