CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.
Last updated
Overview
A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents.
Real-world CVEs
6 recorded CVEs are caused by CWE-1189 (Improper Isolation of Shared Resources on System-on-a-Chip (SoC)). The highest-severity and most recent are shown first. 3 new CWE-1189 CVEs have been recorded so far in 2026 (1 in 2025).
- CVE-2025-54518High · CVSS 7.3 · EPSS 17th2026-05-15
- CVE-2023-42667High · CVSS 7.3 · EPSS 15th2024-08-14
- CVE-2023-49141High · CVSS 7.3 · EPSS 21th2024-08-14
- CVE-2023-31325High · CVSS 7.2 · EPSS 3th2025-09-06
- CVE-2024-36332Medium · CVSS 6.8 · EPSS 1th2026-05-15
- CVE-2025-54514Medium · CVSS 4.8 · EPSS 1th2026-02-10
Common consequences
What can happen when CWE-1189 is exploited.
Bypass Protection Mechanism
Affects: Access Control
If resources being used by a trusted user are shared with an untrusted user, the untrusted user may be able to modify the functionality of the shared resource of the trusted user.
Quality Degradation
Affects: Integrity
The functionality of the shared resource may be intentionally degraded.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to prevent it
Practical mitigations for CWE-1189, grouped by where in the lifecycle they apply.
When sharing resources, avoid mixing agents of varying trust levels.
Untrusted agents should not share resources with trusted agents.
How to detect it
Automated Dynamic Analysis
Pre-silicon / post-silicon: Test access to shared systems resources (memory ranges, control registers, etc.) from untrusted software to verify that the assets are not incorrectly exposed to untrusted agents. Note that access to shared resources can be dynamically allowed or revoked based on system flows. Security testing should cover such dynamic shared resource allocation and access control modification flows.
Effectiveness: High
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
Consider the following SoC design. The Hardware Root of Trust (HRoT) local SRAM is memory mapped in the core{0-N} address space. The HRoT allows or disallows access to private memory ranges, thus allowing the sram to function as a mailbox for communication between untrusted and trusted HRoT partitions.
We assume that the threat is from malicious software in the untrusted domain. We assume this software has access to the core{0-N} memory map and can be running at any privilege level on the untrusted cores. The capability of this threat in this example is communication to and from the mailbox region of SRAM modulated by the hrot_iface. To address this threat, information must not enter or exit the shared region of SRAM through hrot_iface when in secure or privileged mode.
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2020-8698 — Processor has improper isolation of shared resources allowing for information disclosure.
- CVE-2019-6260 — Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138].
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1189.
- What is CWE-1189?
- The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.
- What CVEs are caused by CWE-1189?
- 6 recorded CVEs are attributed to CWE-1189, including CVE-2025-54518, CVE-2023-42667, CVE-2023-49141.
- How do you prevent CWE-1189?
- When sharing resources, avoid mixing agents of varying trust levels.
- How is CWE-1189 detected?
- Automated Dynamic Analysis: Pre-silicon / post-silicon: Test access to shared systems resources (memory ranges, control registers, etc.) from untrusted software to verify that the assets are not incorrectly exposed to untrusted agents. Note that access to shared resources can be dynamically allowed or revoked based on system flows. Security testing should cover such dynamic shared resource allocation and access control modification flows.
- What are the consequences of CWE-1189?
- Exploiting CWE-1189 can lead to: Bypass Protection Mechanism, Quality Degradation.
- Is CWE-1189 actively exploited?
- 6 recorded CVEs are caused by CWE-1189; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1189) (opens in a new tab)
- CWE-1189 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1189
Get alerted the moment a new CWE-1189 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.