CWE-1315Improper Setting of Bus Controlling Capability in Fabric End-point

PUBLISHEDweakness record
released 2020-12-10 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1315
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2020-12-10
更新日期:
2025-12-11

名称

Improper Setting of Bus Controlling Capability in Fabric End-point

描述

The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric.

To support reusability, certain fabric interfaces and end points provide a configurable register bit that allows IP blocks connected to the controller to access other peripherals connected to the fabric. This allows the end point to be used with devices that function as a controller or responder. If this bit is set by default in hardware, or if firmware incorrectly sets it later, a device intended to be a responder on a fabric is now capable of controlling transactions to other devices and might compromise system security.

常见后果

范围:
Access Control
影响:
Modify Memory, Read Memory, Bypass Protection Mechanism

相关 CWE