CWE-1223: Race Condition for Write-Once Attributes

BaseIncomplete

A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue.

View on MITRE
Back to CWE Lookup

Extended Description

Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to defined default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make them write-once. This means the hardware implementation only allows writing to such registers once, and they become read-only after having been written once by software. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings. Implementation issues in hardware design of such controls can expose such registers to a race condition security flaw. For example, consider a hardware design that has two different software/firmware modules executing in parallel. One module is trusted (module A) and another is untrusted (module B). In this design it could be possible for Module B to send write cycles to the write-once register before Module A. Since the field is write-once the programmed value from Module A will be ignored and the pre-empted value programmed by Module B will be used by hardware.

Technical Details

Structure
Simple

Applicable To

Languages
VerilogVHDL
Platforms

Frequently Asked Questions

What is CWE-1223: Race Condition for Write-Once Attributes?+

CWE-1223: Race Condition for Write-Once Attributes is a Common Weakness Enumeration (CWE) entry maintained by MITRE. A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue. Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to defined default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make them write-once. This means the hardware implementation only allows writing to such registers once, and they become read-only after having been written once by software. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings. Implementation issues in hardware design of such controls can expose such registers to a race condition security flaw. For example, consider a hardware design that has two different software/firmware modules executing in parallel. One module is trusted (module A) and another is untrusted (module B). In this design it could be possible for Module B to send write cycles to the write-once register before Module A. Since the field is write-once the programmed value from Module A will be ignored and the pre-empted value programmed by Module B will be used by hardware.

What are the security consequences of Race Condition for Write-Once Attributes?+

If exploited, CWE-1223 (Race Condition for Write-Once Attributes) it can compromise Access Control, leading to outcomes such as Bypass Protection Mechanism.

How do you prevent or mitigate Race Condition for Write-Once Attributes?+

Recommended mitigations for CWE-1223 include: During hardware design all register write-once or sticky fields must be evaluated for proper configuration. The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.

Which programming languages are affected by Race Condition for Write-Once Attributes?+

CWE-1223 commonly affects Verilog and VHDL. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-1223 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More