CWE-1189

Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

Base

Stable

Description

The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.

{"xhtml:p":["A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents."]}

Parent Weaknesses (ChildOf)

CWE-653: Improper Isolation or Compartm...

CWE-668: Exposure of Resource to Wrong ...

Related Weaknesses

CWE-1331 (PeerOf)

Common Consequences

Scope

Access Control

Impact

Bypass Protection Mechanism

Scope

Integrity

Impact

Quality Degradation

Potential Mitigations

Architecture and Design

When sharing resources, avoid mixing agents of varying trust levels. Untrusted agents should not share resources with trusted agents.

CVE-2020-8698

Processor has improper isolation of shared resources allowing for information disclosure.

CVE-2019-6260

Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC's physical address space from the host, and possibly the network [REF-1138].

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now