Weaknesses
| CWE | Weakness | Description |
|---|---|---|
| CWE-707 | Improper Neutralization | The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. |
| CWE-1323 | Improper Management of Sensitive Trace Data | Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted agents. |
| CWE-667 | Improper Locking | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
| CWE-1232 | Improper Lock Behavior After Power State Transition | Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power state transitions (e.g., Entry and wake from low power sleep modes) causing the system configuration to be changeable. |
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-653 | Improper Isolation or Compartmentalization | The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. |
| CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) | The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents. |
| CWE-1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) | The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and untrusted agents, creating timing channels. |
| CWE-435 | Improper Interaction Between Multiple Correctly-Behaving Entities | An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses. |
| CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-665 | Improper Initialization | The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. |
| CWE-1192 | Improper Identifier for IP Block used in System-On-Chip (SOC) | The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components. |
| CWE-67 | Improper Handling of Windows Device Names | The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file. |
| CWE-69 | Improper Handling of Windows ::DATA Alternate Data Stream | The product does not properly prevent access to, or detect usage of, alternate data streams (ADS). |
| CWE-229 | Improper Handling of Values | The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined. |
| CWE-176 | Improper Handling of Unicode Encoding | The product does not properly handle when an input contains Unicode encoding. |
| CWE-241 | Improper Handling of Unexpected Data Type | The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z). |
| CWE-232 | Improper Handling of Undefined Values | The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name. |
| CWE-236 | Improper Handling of Undefined Parameters | The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product. |