Base · Medium

CWE-1312: Missing Protection for Mirrored Regions in On-Chip Fabric Firewall

The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.

Description

A few fabrics mirror memory and address ranges, so that the mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If they do not, an attacker could bypass existing read/write protections by reading from or writing to the mirrored regions to leak or corrupt the original data.

Potential Impact

Confidentiality, Integrity, Access Control

Modify Memory, Read Memory, Bypass Protection Mechanism

Demonstrative Examples

A memory-controller IP block is connected to the on-chip fabric in a System on Chip (SoC). The memory controller is configured to divide the memory into four parts: one original and three mirrored regions inside the memory. The upper two bits of the address indicate which region is being addressed. 00 indicates the original region and 01, 10, and 11 are used to address the mirrored regions. All four regions operate in a lock-step manner and are always synchronized. The firewall in the on-chip fabric is programmed to protect the assets in the memory.

The firewall only protects the original range but not the mirrored regions.

The attacker (as an unprivileged user) sends a write transaction to the mirrored region. The mirrored region has an address with the upper two bits set to "10" and the remaining bits of the address pointing to an asset. The firewall does not block this write transaction. Once the write is successful, the contents of the protected-memory region are also updated. Thus, the attacker can bypass existing memory protections.

The firewall should protect the mirrored regions.
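The address decoding in this example can be modeled in C to show where the firewall rule misses the aliases and how a regression check catches it. This is an added example, not part of the CWE entry; the 32-bit address width, the asset range, the `privileged` flag and all function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: 32-bit fabric address, bits [31:30] select the region
 * (00 = original, 01/10/11 = mirrors), bits [29:0] are the offset. */
#define REGION_SHIFT 30u
#define OFFSET_MASK  ((1u << REGION_SHIFT) - 1u)

/* Constructed protected asset range, given as offsets inside a region. */
#define ASSET_BASE 0x00001000u
#define ASSET_END  0x00001FFFu

/* Weak rule: compares the full address, so only region 00 is covered. */
bool fw_blocks_weak(uint32_t addr, bool privileged)
{
    if (privileged) return false;
    return addr >= ASSET_BASE && addr <= ASSET_END;
}

/* Corrected rule: strip the region-select bits first, so every alias
 * of the asset is matched by the same range check. */
bool fw_blocks_fixed(uint32_t addr, bool privileged)
{
    uint32_t offset = addr & OFFSET_MASK;
    if (privileged) return false;
    return offset >= ASSET_BASE && offset <= ASSET_END;
}

/* Regression check: count the regions in which an unprivileged access
 * to the given asset offset is NOT blocked by the rule under test. */
int unprotected_aliases(bool (*fw)(uint32_t, bool), uint32_t offset)
{
    int gaps = 0;
    for (uint32_t region = 0; region < 4; region++) {
        uint32_t addr = (region << REGION_SHIFT) | (offset & OFFSET_MASK);
        if (!fw(addr, false)) gaps++;
    }
    return gaps;
}

int main(void)
{
    printf("weak:  %d unprotected aliases\n", unprotected_aliases(fw_blocks_weak, ASSET_BASE));
    printf("fixed: %d unprotected aliases\n", unprotected_aliases(fw_blocks_fixed, ASSET_BASE));
    return 0;
}
```

The same enumeration over all region-select values is what a verification testbench would run against the real firewall configuration for each protected range.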

Mitigations & Prevention

Architecture and Design

The fabric firewall should apply the same protections as the original region to the mirrored regions.

Implementation

The fabric firewall should apply the same protections as the original region to the mirrored regions.

Detection Methods

  • Manual Dynamic Analysis (effectiveness: High): Using an external debugger, send write transactions to mirrored regions to test if original, write-protected regions are modified. Similarly, send read transactions to mirrored regions to test if the original, read-protected signals can be read.

Frequently Asked Questions

What is CWE-1312?

CWE-1312 (Missing Protection for Mirrored Regions in On-Chip Fabric Firewall) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.

How can CWE-1312 be exploited?

Attackers can exploit CWE-1312 (Missing Protection for Mirrored Regions in On-Chip Fabric Firewall) to modify memory, read memory, or bypass a protection mechanism. This weakness is typically introduced during the Architecture and Design or Implementation phases of software development.

How do I prevent CWE-1312?

Key mitigations include: The fabric firewall should apply the same protections as the original region to the mirrored regions.

What is the severity of CWE-1312?

CWE-1312 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.