CWE-1317Improper Access Control in Fabric Bridge

PUBLISHEDweakness record
released 2020-12-10 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1317
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2020-12-10
更新日期:
2025-12-11

名称

Improper Access Control in Fabric Bridge

描述

The product uses a fabric bridge for transactions between two Intellectual Property (IP) blocks, but the bridge does not properly perform the expected privilege, identity, or other access control checks between those IP blocks.

In hardware designs, different IP blocks are connected through interconnect-bus fabrics (e.g. AHB and OCP). Within a System on Chip (SoC), the IP block subsystems could be using different bus protocols. In such a case, the IP blocks are then linked to the central bus (and to other IP blocks) through a fabric bridge. Bridges are used as bus-interconnect-routing modules that link different protocols or separate, different segments of the overall SoC interconnect. For overall system security, it is important that the access-control privileges associated with any fabric transaction are consistently maintained and applied, even when they are routed or translated by a fabric bridge. A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master and results in a weakness in SoC access-control security. The same weakness occurs if a bridge does not check the hardware identity of the transaction received from the slave interface of the bridge.

常见后果

范围:
Confidentiality, Integrity, Access Control, Availability
影响:
DoS: Crash, Exit, or Restart, Bypass Protection Mechanism, Read Memory, Modify Memory

相关 CWE