CWE•Base•Stable•1 recent CVE
CWE-1332Improper Handling of Faults that Lead to Instruction Skips
Description
The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.
[object Object]
Common consequences
- Confidentiality,Integrity,Authentication→Bypass Protection Mechanism,Alter Execution Logic,Unexpected StateDepending on the context, instruction skipping can have a broad range of consequences related to the generic bypassing of security critical code.
Potential mitigations
- Architecture and DesignDesign strategies for ensuring safe failure if inputs, such as Vcc, are modified out of acceptable ranges.
- Architecture and DesignDesign strategies for ensuring safe behavior if instructions attempt to be skipped.
- Architecture and DesignIdentify mission critical secrets that should be wiped if faulting is detected, and design a mechanism to do the deletion.
- ImplementationAdd redundancy by performing an operation multiple times, either in space or time, and perform majority voting. Additionally, make conditional instruction timing unpredictable.
- ImplementationUse redundant operations or canaries to detect and respond to faults.
- ImplementationEnsure that fault mitigations are strong enough in practice. For example, a low power detection mechanism that takes 50 clock cycles to trigger at lower voltages may be an insufficient security mechanism if the instruction counter has already progressed with no other CPU activity occurring.