CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State

CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The JTAG interface is used to perform debugging and provide CPU core access for developers. JTAG-access protection is implemented as part of the JTAG_SHIELD bit in the hw_digctl_ctrl register. This register has no default value at power up and is set only after the system boots from ROM and control is transferred to the user software.

Example

plaintext

The default value of this register bit should be set to 1 to prevent the JTAG from being enabled at system reset.

This means that since the end user has access to JTAG at system reset and during ROM code execution before control is transferred to user software, a JTAG user can modify the boot flow and subsequently disclose all CPU information, including data-encryption keys.

The example code below is taken from the CVA6 processor core of the HACK@DAC'21 buggy OpenPiton SoC. Debug access allows users to access internal hardware registers that are otherwise not exposed for user access or restricted access through access control protocols. Hence, requests to enter debug mode are checked and authorized only if the processor has sufficient privileges. In addition, debug accesses are also locked behind password checkers. Thus, the processor enters debug mode only when the privilege level requirement is met, and the correct debug password is provided.

CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Manual Analysis

Code examples

Illustrative examples

Attack patterns

Frequently asked questions

What is CWE-1244?

What CVEs are caused by CWE-1244?

How do you prevent CWE-1244?

How is CWE-1244 detected?

What are the consequences of CWE-1244?

Is CWE-1244 actively exploited?

References

Stay ahead of CWE-1244

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Manual Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Attack patterns

Frequently asked questions

What is CWE-1244?

What CVEs are caused by CWE-1244?

How do you prevent CWE-1244?

How is CWE-1244 detected?

What are the consequences of CWE-1244?

Is CWE-1244 actively exploited?

References

Stay ahead of CWE-1244