CWE-1190: DMA Device Enabled Too Early in Boot Phase

BaseDraft

The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product.

View on MITRE
Back to CWE Lookup

Extended Description

DMA is included in a number of devices because it allows data transfer between the computer and the connected device, using direct hardware access to read or write directly to main memory without any OS interaction. An attacker could exploit this to access secrets. Several virtualization-based mitigations have been introduced to thwart DMA attacks. These are usually configured/setup during boot time. However, certain IPs that are powered up before boot is complete (known as early boot IPs) may be DMA capable. Such IPs, if not trusted, could launch DMA attacks and gain access to assets that should otherwise be protected.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-1190: DMA Device Enabled Too Early in Boot Phase?+

CWE-1190: DMA Device Enabled Too Early in Boot Phase is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product. DMA is included in a number of devices because it allows data transfer between the computer and the connected device, using direct hardware access to read or write directly to main memory without any OS interaction. An attacker could exploit this to access secrets. Several virtualization-based mitigations have been introduced to thwart DMA attacks. These are usually configured/setup during boot time. However, certain IPs that are powered up before boot is complete (known as early boot IPs) may be DMA capable. Such IPs, if not trusted, could launch DMA attacks and gain access to assets that should otherwise be protected.

What are the security consequences of DMA Device Enabled Too Early in Boot Phase?+

If exploited, CWE-1190 (DMA Device Enabled Too Early in Boot Phase) it can compromise Access Control, leading to outcomes such as Bypass Protection Mechanism and Modify Memory.

How do you prevent or mitigate DMA Device Enabled Too Early in Boot Phase?+

Recommended mitigations for CWE-1190 include: Utilize an IOMMU to orchestrate IO access from the start of the boot process.

Which programming languages are affected by DMA Device Enabled Too Early in Boot Phase?+

CWE-1190 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-1190 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More