Base weakness

Draft

CWE-1312: Missing Protection for Mirrored Regions in On-Chip Fabric Firewall

The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.

Last updated May 1, 2026

1

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

Few fabrics mirror memory and address ranges, where mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If not, an attacker could bypass existing read/write protections by reading from/writing to the mirrored regions to leak or corrupt the original data.

Real-world CVEs

1 recorded CVEs are caused by CWE-1312 (Missing Protection for Mirrored Regions in On-Chip Fabric Firewall). The highest-severity and most recent are shown first. 1 new CWE-1312 CVE has been recorded so far in 2026.

CVE-2018-25244
Eco Search 1.0.2.0 Denial of Service
Medium · CVSS 6.9
2026-04-04

Common consequences

What can happen when CWE-1312 is exploited.

Modify Memory, Read Memory, Bypass Protection Mechanism

Affects: Confidentiality, Integrity, Access Control

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Architecture and Design

Implementation

How to prevent it

Practical mitigations for CWE-1312, grouped by where in the lifecycle they apply.

Architecture and Design

The fabric firewall should apply the same protections as the original region to the mirrored regions.

Implementation

The fabric firewall should apply the same protections as the original region to the mirrored regions.

How to detect it

Manual Dynamic Analysis

Using an external debugger, send write transactions to mirrored regions to test if original, write-protected regions are modified. Similarly, send read transactions to mirrored regions to test if the original, read-protected signals can be read.

Effectiveness: High

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

A memory-controller IP block is connected to the on-chip fabric in a System on Chip (SoC). The memory controller is configured to divide the memory into four parts: one original and three mirrored regions inside the memory. The upper two bits of the address indicate which region is being addressed. 00 indicates the original region and 01, 10, and 11 are used to address the mirrored regions. All four regions operate in a lock-step manner and are always synchronized. The firewall in the on-chip fabric is programmed to protect the assets in the memory.

Attack patterns

CAPEC attack patterns that exploit this weakness.

Frequently asked questions

Common questions about CWE-1312.

What is CWE-1312?

The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.

What CVEs are caused by CWE-1312?

1 recorded CVEs are attributed to CWE-1312, including CVE-2018-25244.

How do you prevent CWE-1312?

The fabric firewall should apply the same protections as the original region to the mirrored regions.

How is CWE-1312 detected?

Manual Dynamic Analysis: Using an external debugger, send write transactions to mirrored regions to test if original, write-protected regions are modified. Similarly, send read transactions to mirrored regions to test if the original, read-protected signals can be read.

What are the consequences of CWE-1312?

Exploiting CWE-1312 can lead to: Modify Memory, Read Memory, Bypass Protection Mechanism.

Is CWE-1312 actively exploited?

1 recorded CVEs are caused by CWE-1312; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-1312

Get alerted the moment a new CWE-1312 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Manual Dynamic Analysis

Code examples

Related weaknesses

Parent

Peer

Attack patterns

Frequently asked questions

What is CWE-1312?

What CVEs are caused by CWE-1312?

How do you prevent CWE-1312?

How is CWE-1312 detected?

What are the consequences of CWE-1312?

Is CWE-1312 actively exploited?

References

Stay ahead of CWE-1312