CWE-1315: Improper Setting of Bus Controlling Capability in Fabric End-point

The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

To support reusability, certain fabric interfaces and end points provide a configurable register bit that allows IP blocks connected to the controller to access other peripherals connected to the fabric. This allows the end point to be used with devices that function as a controller or responder. If this bit is set by default in hardware, or if firmware incorrectly sets it later, a device intended to be a responder on a fabric is now capable of controlling transactions to other devices and might compromise system security.

CWE-1315: Improper Setting of Bus Controlling Capability in Fabric End-point

Overview

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Attack patterns

Frequently asked questions

What is CWE-1315?

How do you prevent CWE-1315?

What are the consequences of CWE-1315?

References

Stay ahead of CWE-1315

Overview

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Related weaknesses

Parent

Attack patterns

Frequently asked questions

What is CWE-1315?

How do you prevent CWE-1315?

What are the consequences of CWE-1315?

References

Stay ahead of CWE-1315