CWE-1281
Sequence of Processor Instructions Leads to Unexpected Behavior
Description
Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset performed.
{"xhtml:p":["If the instruction set architecture (ISA) and processor logic are not designed carefully and tested thoroughly, certain combinations of instructions may lead to locking the processor or other unexpected and undesirable behavior. Upon encountering unimplemented instruction opcodes or illegal instruction operands, the processor should throw an exception and carry on without negatively impacting security. However, specific combinations of legal and illegal instructions may cause unexpected behavior with security implications such as allowing unprivileged programs to completely lock the CPU. \n "]}
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Varies by Context
Potential Mitigations
Implement a rigorous testing strategy that incorporates randomization to explore instruction sequences that are unlikely to appear in normal workloads in order to identify halt and catch fire instruction sequences.
Patch operating system to avoid running Halt and Catch Fire type sequences or to mitigate the damage caused by unexpected behavior. See [REF-1108].
CVE-2021-26339A bug in AMD CPU's core logic allows a potential DoS by using a specific x86 instruction sequence to hang the processor
CVE-1999-1476A bug in some Intel Pentium processors allow DoS (hang) via an invalid "CMPXCHG8B" instruction, causing a deadlock
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now