The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.
Many high-performance on-chip bus protocols and processor data-paths employ separate channels for control and data to increase parallelism and maximize throughput. Bugs in the hardware logic that handles errors and security checks can make it possible for data to be forwarded before the security checks complete. If that data can propagate to a location in the hardware that is observable to an attacker, loss of data confidentiality can occur. Meltdown is a concrete example of how de-synchronization between the data path and the permission-checking logic can violate confidentiality requirements: data loaded from a page marked as privileged was returned to the CPU regardless of the current privilege level, for performance reasons. The assumption was that the CPU could later remove all traces of this data while handling the illegal-memory-access exception, but this assumption was proven false, as traces of the secret data were not removed from the microarchitectural state.
Two recorded CVEs are caused by CWE-1264 (Hardware Logic with Insecure De-Synchronization between Control and Data Channels).
What can happen when CWE-1264 is exploited.
Read Memory, Read Application Data
Affects: Confidentiality
Typically introduced during these phases of the software lifecycle.
Practical mitigations for CWE-1264, grouped by where in the lifecycle they apply.
Thoroughly verify the data routing logic to ensure that any error handling or security checks effectively block illegal dataflows.
Illustrative examples from MITRE showing how the weakness appears in code.
There are several standard on-chip bus protocols used in modern SoCs to allow communication between components. There are a wide variety of commercially available hardware IP implementing the interconnect logic for these protocols. A bus connects components which initiate/request communications such as processors and DMA controllers (bus masters) with peripherals which respond to requests. In a typical system, the privilege level or security designation of the bus master along with the intended functionality of each peripheral determine the security policy specifying which specific bus masters can access specific peripherals. This security policy (commonly referred to as a bus firewall) can be enforced using separate IP/logic from the actual interconnect responsible for the data routing.
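The following is an added, cycle-stepped software model of the weakness described above and in the Meltdown discussion; it is not code from MITRE or from any real interconnect IP. It assumes a constructed bus-firewall policy (`BUS_FIREWALL`), constructed peripheral contents, and arbitrary channel latencies (`data_latency`, `check_latency`) chosen so that the data channel answers before the permission verdict is known. The vulnerable fabric (`gate_on_check=False`) forwards the payload into an attacker-observable buffer as soon as it arrives and only clears it once the error is reported; the corrected fabric waits for the verdict before the data channel may deliver anything.

```python
"""Illustrative model of CWE-1264 (added example, not from the page or MITRE).

Two channels: a data channel returning the peripheral payload after
`data_latency` cycles, and a control channel returning the bus-firewall
verdict after `check_latency` cycles. The observable buffer stands in for
microarchitectural state (e.g. a fill buffer) that an attacker could probe.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed security policy: peripheral -> set of master IDs allowed to read it.
BUS_FIREWALL = {
    "secure_sram": {"cpu_secure"},
    "uart": {"cpu_secure", "cpu_normal", "dma"},
}
# Constructed peripheral contents (stand-ins for real bus slaves).
PERIPHERAL_DATA = {"secure_sram": b"SECRET_KEY", "uart": b"\x00"}


@dataclass
class Request:
    master: str
    peripheral: str
    data_latency: int = 2    # cycles until the data channel returns the payload
    check_latency: int = 4   # cycles until the firewall verdict is available


@dataclass
class Trace:
    # cycle -> bytes present in the attacker-observable buffer (None if empty)
    observable: Dict[int, Optional[bytes]] = field(default_factory=dict)
    verdict: Optional[str] = None


def firewall_allows(req: Request) -> bool:
    """Bus-firewall policy lookup (constructed policy above)."""
    return req.master in BUS_FIREWALL.get(req.peripheral, set())


def simulate(req: Request, gate_on_check: bool, cycles: int = 6) -> Trace:
    """Step the fabric cycle by cycle.

    gate_on_check=False models the weakness: the data channel forwards the
    payload the cycle it arrives, whether or not the verdict is known yet.
    gate_on_check=True models the fix: forwarding is blocked until the
    control channel has delivered an OK verdict.
    """
    trace = Trace()
    buffer: Optional[bytes] = None
    forwarded = False
    payload = PERIPHERAL_DATA[req.peripheral]
    for cycle in range(cycles):
        data_ready = cycle >= req.data_latency
        check_ready = cycle >= req.check_latency
        if check_ready and trace.verdict is None:
            trace.verdict = "OK" if firewall_allows(req) else "ERROR"
        if data_ready and not forwarded:
            if not gate_on_check or (check_ready and trace.verdict == "OK"):
                buffer = payload
                forwarded = True
        if trace.verdict == "ERROR":
            # Error handling discards the architectural result, but in the
            # ungated fabric the buffer already carried the payload earlier.
            buffer = None
        trace.observable[cycle] = buffer
    return trace


def first_leak_cycle(trace: Trace) -> Optional[int]:
    """Earliest cycle at which the observable buffer held data, or None."""
    for cycle in sorted(trace.observable):
        if trace.observable[cycle] is not None:
            return cycle
    return None


if __name__ == "__main__":
    illegal = Request("cpu_normal", "secure_sram")
    for gated in (False, True):
        t = simulate(illegal, gate_on_check=gated)
        print(f"gate_on_check={gated}: verdict={t.verdict}, "
              f"first observable data at cycle {first_leak_cycle(t)}")
```

In the ungated run the verdict is still ERROR, so the transaction looks correctly rejected at the architectural level, yet the buffer held the secret for the cycles between the data channel's arrival and the verdict. That window is exactly what a verification plan for the routing logic (the mitigation above) has to rule out: the property to check is not "illegal reads return an error" but "no illegal payload ever reaches an observable channel".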
Real CVEs that MITRE cites as examples of this weakness.
CAPEC attack patterns that exploit this weakness.
Common questions about CWE-1264.
2 recorded CVEs are attributed to CWE-1264, including CVE-2024-21823, CVE-2022-41588.
Exploiting CWE-1264 can lead to: Read Memory, Read Application Data.
2 recorded CVEs are caused by CWE-1264; none are currently in CISA's KEV catalog of actively exploited flaws.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.