Description
The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product.
DMA is included in a number of devices because it allows data transfer between the computer and the connected device, using direct hardware access to read or write main memory without any OS interaction. An attacker could exploit this to access secrets. Several virtualization-based mitigations have been introduced to thwart DMA attacks. These are usually configured and set up at boot time. However, certain IPs that are powered up before boot is complete (known as early boot IPs) may be DMA capable. Such IPs, if not trusted, could launch DMA attacks and gain access to assets that should otherwise be protected.
Potential Impact
Access Control
Bypass Protection Mechanism, Modify Memory
Mitigations & Prevention
Utilize an IOMMU to orchestrate IO access from the start of the boot process.
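The ordering this mitigation requires can be checked mechanically. The C sketch below is an added example, not part of the CWE entry or any vendor firmware: it audits a boot plan and reports the first step that enables DMA on a device before IOMMU translation is on and the device has a domain. The operation names, `first_early_dma`, and the sample plans are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

#define MAX_DEV 8

/* Hypothetical boot operations; a real platform programs IOMMU and
 * bus-master registers instead of recording enum values. */
enum op_kind { IOMMU_ASSIGN_DOMAIN, IOMMU_TRANSLATION_ON, DMA_ENABLE };

struct boot_op {
    enum op_kind kind;
    int dev;   /* device index, unused for IOMMU_TRANSLATION_ON */
};

/* Returns the index of the first op that enables DMA on a device before
 * translation is on and the device has a domain, or -1 if the order is safe. */
int first_early_dma(const struct boot_op *ops, size_t n)
{
    bool translation_on = false;
    bool has_domain[MAX_DEV] = { false };

    for (size_t i = 0; i < n; i++) {
        int d = ops[i].dev;
        switch (ops[i].kind) {
        case IOMMU_TRANSLATION_ON:
            translation_on = true;
            break;
        case IOMMU_ASSIGN_DOMAIN:
            if (d >= 0 && d < MAX_DEV)
                has_domain[d] = true;
            break;
        case DMA_ENABLE:
            /* Out-of-range devices are treated as unprotected. */
            if (d < 0 || d >= MAX_DEV || !translation_on || !has_domain[d])
                return (int)i;
            break;
        }
    }
    return -1;
}

/* Constructed sample plans: device 2 stands in for an early boot IP. */
static const struct boot_op weak_plan[] = { {DMA_ENABLE, 2}, {IOMMU_ASSIGN_DOMAIN, 2}, {IOMMU_TRANSLATION_ON, 0} };
static const struct boot_op fixed_plan[] = { {IOMMU_ASSIGN_DOMAIN, 2}, {IOMMU_TRANSLATION_ON, 0}, {DMA_ENABLE, 2} };
static const struct boot_op mixed_plan[] = { {IOMMU_ASSIGN_DOMAIN, 2}, {IOMMU_TRANSLATION_ON, 0}, {DMA_ENABLE, 2}, {DMA_ENABLE, 3} };
```

The mixed plan shows that turning translation on is not enough by itself: device 3 is flagged because no domain was assigned to it before its DMA was enabled.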
Frequently Asked Questions
What is CWE-1190?
CWE-1190 (DMA Device Enabled Too Early in Boot Phase) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the prod...
How can CWE-1190 be exploited?
Attackers can exploit CWE-1190 (DMA Device Enabled Too Early in Boot Phase) to bypass protection mechanisms and modify memory. This weakness is typically introduced during the Architecture and Design phase of software development.
How do I prevent CWE-1190?
Key mitigations include: Utilize an IOMMU to orchestrate IO access from the start of the boot process.
What is the severity of CWE-1190?
CWE-1190 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.