CAPEC-679 Detail

Exploitation of Improperly Configured or Implemented Memory Protections

Abstraction: Detailed
Domain: Hardware
Likelihood of Attack: Medium
Typical Severity: Very High

Parents: CAPEC-1, CAPEC-180

Threats: T275, T286, T336, T390, T394, T405

Description

An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory.

Extended Description

Hardware product designs often need to implement memory protection features to prevent users from reading and modifying memory reserved for security operations such as secure booting, authenticating code, device attestation, and more. However, these protection features may be missing if not configured by developers. For example, this can occur if the developers assume these features are configured elsewhere. Additionally, developers often attempt to impose proper protection features, but may incorrectly configure these controls. One such example would be setting controls with insufficient granularity for protected address regions. If an adversary is able to discover improper access controls surrounding memory, it could result in the adversary obtaining sensitive data, executing code, circumventing security mechanisms, escalating privileges, or even denying service to higher privilege software.
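The granularity problem described above, as an added illustration that is not part of the CAPEC entry: the C model below fits a write-protected region inside a sensitive address range at a given alignment granule (a power of two, as MPU region alignment rules typically require) and then audits how many bytes of that range are left writable. The region structure, the 32-byte audit step and the addresses are constructed for the example, not a vendor's register layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One protection region, [base, base+size), and whether it permits writes.
   Constructed model for illustration, not a real MPU register layout. */
typedef struct { uint32_t base, size; bool writable; } region_t;

/* Largest region aligned to 'granule' (a power of two) that fits inside [start, end).
   A coarse granule forces a region smaller than requested; the remainder is left unprotected. */
region_t fit_region_inside(uint32_t start, uint32_t end, uint32_t granule)
{
    uint32_t b = (start + granule - 1) & ~(granule - 1);  /* round start up  */
    uint32_t e = end & ~(granule - 1);                    /* round end down  */
    region_t r = { b, (e > b) ? e - b : 0, false };       /* write-protected */
    return r;
}

/* Audit: bytes of [start, end) not covered by any write-protected region.
   Walks 32-byte granules; start and end are expected to be 32-byte aligned. */
uint32_t unprotected_bytes(const region_t *regs, size_t n, uint32_t start, uint32_t end)
{
    uint32_t gap = 0;
    for (uint32_t a = start; a < end; a += 32) {
        bool covered = false;
        for (size_t i = 0; i < n && !covered; i++)
            covered = !regs[i].writable && a >= regs[i].base && a - regs[i].base < regs[i].size;
        if (!covered)
            gap += 32;
    }
    return gap;
}

/* Configure one fitted region for [start, end) and report the gap it leaves. */
uint32_t gap_after_fit(uint32_t start, uint32_t end, uint32_t granule)
{
    region_t r = fit_region_inside(start, end, granule);
    return unprotected_bytes(&r, 1, start, end);
}

int main(void)
{
    /* Constructed sensitive range: 6 KiB of boot code that must not be writable. */
    const uint32_t lo = 0x08000000u, hi = 0x08001800u;
    printf("32-byte granule: %u bytes unprotected\n", (unsigned)gap_after_fit(lo, hi, 32));
    printf("4 KiB granule:   %u bytes unprotected\n", (unsigned)gap_after_fit(lo, hi, 4096));
    return 0;
}
```

With a 32-byte granule the whole 6 KiB range is covered; with a 4 KiB granule the last 2 KiB (0x800 bytes) of the boot code stay writable, which is exactly the misconfiguration an audit of the region table should flag.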

External IDs and References

External ID | Source | Link | Description
CAPEC-679 | capec | https://capec.mitre.org/data/definitions/679.html |
CWE-1222 | cwe | http://cwe.mitre.org/data/definitions/1222.html |
CWE-1252 | cwe | http://cwe.mitre.org/data/definitions/1252.html |
CWE-1257 | cwe | http://cwe.mitre.org/data/definitions/1257.html |
CWE-1260 | cwe | http://cwe.mitre.org/data/definitions/1260.html |
CWE-1274 | cwe | http://cwe.mitre.org/data/definitions/1274.html |
CWE-1282 | cwe | http://cwe.mitre.org/data/definitions/1282.html |
CWE-1312 | cwe | http://cwe.mitre.org/data/definitions/1312.html |
CWE-1316 | cwe | http://cwe.mitre.org/data/definitions/1316.html |
CWE-1326 | cwe | http://cwe.mitre.org/data/definitions/1326.html |
REF-687 | reference_from_CAPEC | https://developer.arm.com/ip-products/processors/cortex-m/cortex-m4 | Cortex-R4 Manual, ARM
REF-668 | reference_from_CAPEC | https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection | Testing for NoSQL Injection, The OWASP Foundation
REF-689 | reference_from_CAPEC | https://static.docs.arm.com/100699/0100/armv8m_architecture_memory_protection_unit_100699_0100_00_en.pdf | Memory Protection Unit (MPU), ARM
REF-690 | reference_from_CAPEC | https://github.com/xoreaxeaxeax/sinkhole/blob/master/us-15-Domas-TheMemorySinkhole-wp.pdf | Christopher Domas, The Memory Sinkhole, 2015-07-20
REF-691 | reference_from_CAPEC | https://www.fujitsu.com/jp/documents/products/software/os/linux/catalog/LinuxConJapan2016-Izumi.pdf | Taku Izumi (Fujitsu Limited), Address Range Memory Mirroring, 2016-07-13
REF-692 | reference_from_CAPEC | https://www.c7zero.info/stuff/REConBrussels2017_BARing_the_system.pdf | Yuriy Bulygin, Oleksandr Bazhaniuk, Andrew Furtak, John Loucaides, Mikhail Gorobets, BARing the System – New vulnerabilities in Coreboot & UEFI-based Systems, 2017

Prerequisites

  1. Access to the hardware being leveraged.

Skills Required

High: Intricate knowledge of memory structures.
Medium: Ability to craft malicious code to inject into the memory region.

Consequences

Scopes: Integrity, Availability, Authorization, Access Control, Confidentiality
Impacts: Modify Data; Execute Unauthorized Commands (Run Arbitrary Code); Gain Privileges; Read Data

Example Instances

  1. A hardware product contains non-volatile memory, which itself contains boot code that is insufficiently protected. An adversary then modifies this memory to either bypass the secure boot process or to execute their own code.
  2. A hardware product leverages a CPU that possesses neither a memory-protection unit (MPU) nor a memory-management unit (MMU), nor a special bit to support write exclusivity, resulting in no write exclusivity. Because of this, an adversary is able to inject malicious code into the memory and later execute it to achieve the desired outcome.