CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State

Description

The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.

Submission Date :

Feb. 12, 2020, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

Intel Corporation

Extended Description

Debug authorization can have multiple levels of access, defined such that different system internal assets are accessible based on the current authorized debug level. Other than debugger authentication (e.g., using passwords or challenges), the authorization can also be based on the system state or boot stage. For example, full system debug access might only be allowed early in boot after a system reset to ensure that previous session data is not accessible to the authenticated debugger.

If this protection mechanism does not ensure that internal assets have the correct debug access level during each boot stage or change in system state, an attacker could obtain sensitive information from the internal asset using a debugger.

Example Vulnerable Codes

Example - 1

The JTAG interface is used to perform debugging and provide CPU core access for developers. JTAG-access protection is implemented as part of the JTAG_SHIELD bit in the hw_digctl_ctrl register. This register has no default value at power up and is set only after the system boots from ROM and control is transferred to the user software.

<xhtml_table><xhtml_tbody><xhtml_tr><xhtml_td>1 bit</xhtml_td><xhtml_td>0x0 = JTAG debugger is enabled (default)</xhtml_td></xhtml_tr><xhtml_tr><xhtml_td>JTAG_SHIELD</xhtml_td><xhtml_td>0x1 = JTAG debugger is disabled</xhtml_td></xhtml_tr></xhtml_tbody></xhtml_table>

This means that since the end user has access to JTAG at system reset and during ROM code execution before control is transferred to user software, a JTAG user can modify the boot flow and subsequently disclose all CPU information, including data-encryption keys.

The default value of this register bit should be set to 1 to prevent the JTAG from being enabled at system reset.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-863: Incorrect Authorization

Go to

Visit http://cwe.mitre.org/ for more details.