CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic
Description
Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim's system.
Submission Date :
Feb. 12, 2020, midnight
Modification Date :
2023-06-29 00:00:00+00:00
Organization :
The Intel Corporation
Extended Description
The functionality and security of the system heavily depend on the implementation of FSMs. FSMs can be used to indicate the current security state of the system. Lots of secure data operations and data transfers rely on the state reported by the FSM. Faulty FSM designs that do not account for all states, either through undefined states (left as don't cares) or through incorrect implementation, might lead an attacker to drive the system into an unstable state from which the system cannot recover without a reset, thus causing a DoS. Depending on what the FSM is used for, an attacker might also gain additional privileges to launch further attacks and compromise the security guarantees.
Example - 1
The Finite State Machine (FSM) shown in the "bad" code snippet below assigns the output ("out") based on the value of state, which is determined based on the user provided input ("user_input").
state = 3'h0;
3'h0:3'h1:3'h2:3'h3: state = 2'h3;3'h4: state = 2'h2;3'h5: state = 2'h1;if (!rst_n)elsecase (user_input)endcase
beginendout <= {1'h1, state};module fsm_1(out, user_input, clk, rst_n);input [2:0] user_input; input clk, rst_n;output reg [2:0] out;reg [1:0] state;always @ (posedge clk or negedge rst_n )endmodule
<xhtml_b>default: state = 2'h0;</xhtml_b>3'h0:3'h1:3'h2:3'h3: state = 2'h3;3'h4: state = 2'h2;3'h5: state = 2'h1;case (user_input)endcase
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.