CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State

Description

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

Debug authorization can have multiple levels of access, defined such that different system internal assets are accessible based on the current authorized debug level. Other than debugger authentication (e.g., using passwords or challenges), the authorization can also be based on the system state or boot stage. For example, full system debug access might only be allowed early in boot after a system reset to ensure that previous session data is not accessible to the authenticated debugger.

Potential Impact

Confidentiality

Read Memory

Integrity

Modify Memory

Authorization, Access Control

Gain Privileges or Assume Identity, Bypass Protection Mechanism

Demonstrative Examples

The JTAG interface is used to perform debugging and provide CPU core access for developers. JTAG-access protection is implemented as part of the JTAG_SHIELD bit in the hw_digctl_ctrl register. This register has no default value at power up and is set only after the system boots from ROM and control is transferred to the user software.

Bad

1 bit
                                    0x0 = JTAG debugger is enabled (default)
                                
                                
                                    JTAG_SHIELD
                                    0x1 = JTAG debugger is disabled

This means that since the end user has access to JTAG at system reset and during ROM code execution before control is transferred to user software, a JTAG user can modify the boot flow and subsequently disclose all CPU information, including data-encryption keys.

Informative

The default value of this register bit should be set to 1 to prevent the JTAG from being enabled at system reset.

The example code below is taken from the CVA6 processor core of the HACK@DAC'21 buggy OpenPiton SoC. Debug access allows users to access internal hardware registers that are otherwise not exposed for user access or restricted access through access control protocols. Hence, requests to enter debug mode are checked and authorized only if the processor has sufficient privileges. In addition, debug accesses are also locked behind password checkers. Thus, the processor enters debug mode only when the privilege level requirement is met, and the correct debug password is provided.

The following code [REF-1377] illustrates an instance of a vulnerable implementation of debug mode. The core correctly checks if the debug requests have sufficient privileges and enables the debug_mode_d and debug_mode_q signals. It also correctly checks for debug password and enables umode_i signal.

Bad

module csr_regfile #(
                    ...
                        
                        // check that we actually want to enter debug depending on the privilege level we are currently in
                        unique case (priv_lvl_o)
                            
                            riscv::PRIV_LVL_M: begin
                                
                                debug_mode_d = dcsr_q.ebreakm;
                                
                            
                        
                    ...
                        
                            
                            riscv::PRIV_LVL_U: begin
                                
                                debug_mode_d = dcsr_q.ebreaku;
                                
                            
                        
                    ...
                        
                        assign priv_lvl_o = (debug_mode_q || umode_i) ?  riscv::PRIV_LVL_M : priv_lvl_q;
                        
                    ...
                        
                        debug_mode_q  <= debug_mode_d;
                        
                    ...

However, it grants debug access and changes the privilege level, priv_lvl_o, even when one of the two checks is satisfied and the other is not. Because of this, debug access can be granted by simply requesting with sufficient privileges (i.e., debug_mode_q is enabled) and failing the password check (i.e., umode_i is disabled). This allows an attacker to bypass the debug password checking and gain debug access to the core, compromising the security of the processor.

A fix to this issue is to only change the privilege level of the processor when both checks are satisfied, i.e., the request has enough privileges (i.e., debug_mode_q is enabled) and the password checking is successful (i.e., umode_i is enabled) [REF-1378].

Good

module csr_regfile #(
                    ...
                        
                        // check that we actually want to enter debug depending on the privilege level we are currently in
                        unique case (priv_lvl_o)
                            
                            riscv::PRIV_LVL_M: begin
                                
                                debug_mode_d = dcsr_q.ebreakm;
                                
                            
                        
                    ...
                        
                            
                            riscv::PRIV_LVL_U: begin
                                
                                debug_mode_d = dcsr_q.ebreaku;
                                
                            
                        
                    ...
                        
                        assign priv_lvl_o = (debug_mode_q && umode_i) ? riscv::PRIV_LVL_M : priv_lvl_q;
                        
                    ...
                        
                        debug_mode_q  <= debug_mode_d;
                        
                    ...

Mitigations & Prevention

Architecture and DesignImplementation High

For security-sensitive assets accessible over debug/test interfaces, only allow trusted agents.

Architecture and Design Limited

Apply blinding [REF-1219] or masking techniques in strategic areas.

Implementation Limited

Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.

Detection Methods

Manual Analysis Moderate — Check 2 devices for their passcode to authenticate access to JTAG/debugging ports. If the passcodes are missing or the same, update the design to fix and retest. Check communications over JTAG/debugging ports for encryption. If the communications are not encrypted, fix the design and retest.

Real-World CVE Examples

CVE ID	Description
CVE-2019-18827	After ROM code execution, JTAG access is disabled. But before the ROM code is executed, JTAG access is possible, allowing a user full system access. This allows a user to modify the boot flow and suc

Frequently Asked Questions

What is CWE-1244?

CWE-1244 (Internal Asset Exposed to Unsafe Debug Access Level or State) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintend...

How can CWE-1244 be exploited?

Attackers can exploit CWE-1244 (Internal Asset Exposed to Unsafe Debug Access Level or State) to read memory. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-1244?

Key mitigations include: For security-sensitive assets accessible over debug/test interfaces, only allow trusted agents.

What is the severity of CWE-1244?

CWE-1244 is classified as a Base-level weakness (Medium abstraction). It has been observed in 1 real-world CVEs.