
CWE-1257 vulnerability list (2)

A summary of the 2 CVE entries associated with weakness class CWE-1257, with an AI-generated analysis.

CWE-1257 is a hardware access-control defect. When a hardware design contains mirrored or aliased memory regions and read/write permissions are not enforced consistently across them, an attacker can bypass the restriction on direct access to the protected memory and instead read or write sensitive data through the alias path, leading to information disclosure or privilege escalation. Developers should ensure at the hardware-design stage that every memory alias and mirrored region keeps its permission policy strictly synchronized with the primary region, and should implement a single, unified access-control check, so that inconsistent permissions cannot open a bypass.

MITRE CWE official description
CWE-1257: Improper Access Control Applied to Mirrored or Aliased Memory Regions
Description: Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region. Hardware product designs often need to implement memory-protection features that enable privileged software to define isolated memory regions and access-control (read/write) policies. Isolated memory regions can be defined on different memory spaces in a design (for example, system physical address, virtual address, memory-mapped I/O). Each memory cell should be mapped and assigned a system address that core software uses to read/write that memory cell. It is possible to map the same memory cell to multiple system addresses, so that a read/write to any of the aliased system addresses is decoded to the same memory cell. This is commonly done in hardware designs for redundancy and to simplify address-decoding logic. If one of the memory regions is corrupted or faulty, the hardware can switch to using the data in the mirrored memory region. Memory aliases can also be created in the system address map if the address-decoding unit ignores the upper address bits when mapping a smaller address region into the full system address. A common security weakness in such memory mappings is that the aliased memory regions may have different read/write access protections enforced by the hardware, so that an untrusted agent is blocked from accessing a memory address but is not blocked from accessing the corresponding aliased memory address. This inconsistency can then be used to bypass the access protection of the primary memory block and read or modify the protected memory. If an untrusted agent can change the mapping of an address region or modify the size of a memory region, it may also be able to create memory aliases in the system address map for malicious purposes.
Common consequences (3)
Confidentiality: Read Memory
Integrity: Modify Memory
Availability: DoS: Instability
Mitigations (2)
Architecture and Design, Implementation: Checks should be applied for consistency of access rights between primary memory regions and any mirrored or aliased memory regions. If different memory protection units (MPUs) protect the aliased regions, their protected-range definitions and policies should be synchronized.
Architecture and Design, Implementation: The controls that allow enabling memory aliases or changing the size of mapped memory regions should only be programmable by trusted software components.
Code examples (1)
In a System-on-a-Chip (SoC) design the system fabric uses 16-bit addresses. An IP unit (Unit_A) has 4 kilobytes of internal memory, which is mapped into a 16 kilobyte address range in the system fabric address map.

System Address   | Mapped to
0x0000 - 0x3FFF  | Unit_A registers : 0x0000 - 0x0FFF
0x4000 - 0xFFFF  | Other IPs & Memory

To protect the register controls in Unit_A unprivileged software is blocked…

In this design the aliased memory address ranges are these:
0x0000 - 0x0FFF
0x1000 - 0x1FFF
0x2000 - 0x2FFF
0x3000 - 0x3FFF
The same register can be accessed using four different addresses: 0x0000, 0x1000, 0x2000, 0x3000. The system address filter only blocks access to the range 0x0000 - 0x0FFF and does not block access to the aliased addresses in the 0x1000 - 0x3FFF range. Thus, untrusted software can leverage the aliased memory addresses to bypass the memory protection.
Bad · Other

In this design the aliased memory addresses (0x1000 - 0x3FFF) could be blocked from all system software access, since they are not used by software. Alternately, the MPU logic can be changed to apply the memory protection policies to the full address range mapped to Unit_A (0x0000 - 0x3FFF).
Good · Other
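The following C program is an added illustration of the Unit_A example above; it is not code from MITRE or from any vendor. It models the 16-bit fabric and a decoder that keeps only the low 12 address bits, so every Unit_A register has four aliases, and puts the "Bad" filter (policy on 0x0000 - 0x0FFF only) beside the "Good" filter (policy on the whole 0x0000 - 0x3FFF window). The register file as a 4 KiB byte array, the function names, and the sample register offset 0x0010 with value 0xA5 are all constructed assumptions for the model; the `policy_consistent` helper is the kind of check a design-verification test could run to catch this inconsistency before silicon.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the CWE-1257 Unit_A example (not vendor code).
 * The fabric uses 16-bit addresses. Unit_A has 4 KiB of registers
 * (0x0000-0x0FFF) decoded over a 16 KiB window (0x0000-0x3FFF): the decoder
 * ignores address bits 13:12, so each register has four aliased addresses. */
#define UNIT_A_WINDOW_BASE 0x0000u
#define UNIT_A_WINDOW_END  0x3FFFu
#define UNIT_A_REG_MASK    0x0FFFu   /* decoder keeps only the low 12 bits */

/* Unit_A register file, modelled as a 4 KiB byte array (assumption). */
static uint8_t unit_a_regs[0x1000];

/* Address decode: any address inside the 16 KiB window lands in the
 * same 4 KiB register file, i.e. 0x0010, 0x1010, 0x2010, 0x3010 alias. */
static uint8_t *unit_a_decode(uint16_t addr) {
    if (addr > UNIT_A_WINDOW_END) return NULL;   /* other IPs not modelled */
    return &unit_a_regs[addr & UNIT_A_REG_MASK];
}

/* "Bad" filter: only the primary range 0x0000-0x0FFF is protected from
 * unprivileged software; the aliases in 0x1000-0x3FFF slip through. */
static bool filter_allows_bad(uint16_t addr, bool privileged) {
    if (privileged) return true;
    return addr > 0x0FFF;
}

/* "Good" filter: the protection policy covers the full window mapped to
 * Unit_A, so every alias gets the same decision as the primary address. */
static bool filter_allows_good(uint16_t addr, bool privileged) {
    if (privileged) return true;
    return !(addr >= UNIT_A_WINDOW_BASE && addr <= UNIT_A_WINDOW_END);
}

typedef bool (*filter_fn)(uint16_t addr, bool privileged);

/* Fabric write through the filter; returns true if the access went through. */
static bool fabric_write(filter_fn filter, uint16_t addr, uint8_t val, bool privileged) {
    if (!filter(addr, privileged)) return false;
    uint8_t *reg = unit_a_decode(addr);
    if (reg == NULL) return false;
    *reg = val;
    return true;
}

/* Fabric read through the filter; returns the byte, or -1 if blocked. */
static int fabric_read(filter_fn filter, uint16_t addr, bool privileged) {
    if (!filter(addr, privileged)) return -1;
    uint8_t *reg = unit_a_decode(addr);
    if (reg == NULL) return -1;
    return *reg;
}

/* Scenario: privileged software writes a control value to register 0x0010,
 * then unprivileged software reads the alias 0x2010. Returns what the
 * unprivileged reader sees: the value (leak) or -1 (correctly blocked). */
static int unprivileged_alias_read(filter_fn filter) {
    unit_a_regs[0x0010] = 0;
    fabric_write(filter, 0x0010, 0xA5, true);
    return fabric_read(filter, 0x2010, false);
}

/* Verification check: every alias of every register must get the same
 * unprivileged policy decision as its primary address. A "false" here
 * is exactly the CWE-1257 inconsistency. */
static bool policy_consistent(filter_fn filter) {
    for (uint16_t off = 0; off < 0x1000; off++) {
        bool base = filter(off, false);
        for (uint16_t k = 1; k < 4; k++) {
            uint16_t alias = (uint16_t)(off | (k << 12));
            if (filter(alias, false) != base) return false;
        }
    }
    return true;
}

int main(void) {
    printf("bad filter : unprivileged read of alias 0x2010 -> %d\n",
           unprivileged_alias_read(filter_allows_bad));    /* 165 (0xA5) */
    printf("good filter: unprivileged read of alias 0x2010 -> %d\n",
           unprivileged_alias_read(filter_allows_good));   /* -1 */
    printf("policy consistent: bad=%d good=%d\n",
           policy_consistent(filter_allows_bad), policy_consistent(filter_allows_good));
    return 0;
}
```

The `policy_consistent` walk is the useful part for a defender: rather than reasoning about one alias, it enumerates every address the decoder folds onto the same cell and asserts that the MPU answers identically for all of them, which is the "synchronized range definitions and policies" requirement from the mitigations above expressed as a test.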
CVE ID         | Title                                                                   | CVSS | Risk level | Published
CVE-2025-27032 | Qualcomm Chipsets security vulnerability — Snapdragon                   | 7.8  | High       | 2025-09-24
CVE-2025-36600 | Dell Client Platform BIOS security vulnerability — Client Platform BIOS | 8.2  | High       | 2025-07-08

CWE-1257 is a common weakness category; this platform lists 2 CVE entries associated with it.