CWE-1323: Improper Management of Sensitive Trace Data
Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted agents.
Last updated
Overview
To facilitate verification of complex System-on-Chip (SoC) designs, SoC integrators add specific IP blocks that trace the SoC's internal signals in real-time. This infrastructure enables observability of the SoC's internal behavior, validation of its functional design, and detection of hardware and software bugs. Such tracing IP blocks collect traces from several sources on the SoC including the CPU, crypto coprocessors, and on-chip fabrics. Traces collected from these sources are then aggregated inside trace IP block and forwarded to trace sinks, such as debug-trace ports that facilitate debugging by external hardware and software debuggers. Since these traces are collected from several security-sensitive sources, they must be protected against untrusted debuggers. If they are stored in unprotected memory, an untrusted software debugger can access these traces and extract secret information. Additionally, if security-sensitive traces are not tagged as secure, an untrusted hardware debugger might access them to extract confidential information.
Real-world CVEs
2 recorded CVEs are caused by CWE-1323 (Improper Management of Sensitive Trace Data). The highest-severity and most recent are shown first. 0 new CWE-1323 CVEs have been recorded so far in 2026 (2 in 2025).
Common consequences
What can happen when CWE-1323 is exploited.
Read Memory
Affects: Confidentiality
An adversary can read secret values if they are captured in debug traces and stored unsafely.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to prevent it
Practical mitigations for CWE-1323, grouped by where in the lifecycle they apply.
Tag traces to indicate owner and debugging privilege level (designer, OEM, or end user) needed to access that trace.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
In a SoC, traces generated from sources include security-sensitive IP blocks such as CPU (with tracing information such as instructions executed and memory operands), on-chip fabric (e.g., memory-transfer signals, transaction type and destination, and on-chip-firewall-error signals), power-management IP blocks (e.g., clock- and power-gating signals), and cryptographic coprocessors (e.g., cryptographic keys and intermediate values of crypto operations), among other non-security-sensitive IP blocks including timers and other functional blocks. The collected traces are then forwarded to the debug and trace interface used by the external hardware debugger.
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1323.
- What is CWE-1323?
- Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted agents.
- What CVEs are caused by CWE-1323?
- 2 recorded CVEs are attributed to CWE-1323, including CVE-2024-49338, CVE-2024-54173.
- How do you prevent CWE-1323?
- Tag traces to indicate owner and debugging privilege level (designer, OEM, or end user) needed to access that trace.
- What are the consequences of CWE-1323?
- Exploiting CWE-1323 can lead to: Read Memory.
- Is CWE-1323 actively exploited?
- 2 recorded CVEs are caused by CWE-1323; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1323) (opens in a new tab)
- CWE-1323 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1323
Get alerted the moment a new CWE-1323 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.