CWE-1304: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
Description
Extended Description
Technical Details
- Structure: Simple
- Vulnerability Mapping: ALLOWED
Applicable To
Security Consequences
Scope
Impact
Mitigation Strategies
Phase
Description
Inside the IP, incorporate integrity checking on the configuration state via a cryptographic hash. The hash can be protected inside the IP such as by storing it in internal registers which never lose power. Before powering down, the IP performs a hash of the configuration and saves it in these persistent registers. Upon restore, the IP performs a hash of the saved configuration and compares it with the saved hash. If they do not match, then the IP should not trust the configuration.
Phase
Description
Outside the IP, incorporate integrity checking of the configuration state via a trusted agent. Before powering down, the trusted agent performs a hash of the configuration and saves the hash in persistent storage. Upon restore, the IP requests the trusted agent validate its current configuration. If the configuration hash is invalid, then the IP should not trust the configuration.
Phase
Description
Outside the IP, incorporate a protected environment that prevents undetected modification of the configuration state by untrusted agents. Before powering down, a trusted agent saves the IP's configuration state in this protected location, which only it has the privilege to access. Upon restore, the trusted agent loads the saved state into the IP.
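The first mitigation above (a hash of the configuration kept in always-on registers inside the IP), as an added behavioral model in Python; it is not part of the CWE entry. The class and register names, the sample register values, the choice of SHA-256 and the fallback to reset defaults on a mismatch are assumptions.

```python
import hashlib
import hmac
import struct

RESET_DEFAULTS = (0x0, 0x0, 0x0)  # assumed fail-safe reset values, not from the CWE entry


class PowerGatedIP:
    """Behavioral model of an IP block whose configuration is saved outside
    the IP while it is power gated (hypothetical names, constructed values)."""

    def __init__(self, config_regs):
        self.config = list(config_regs)  # volatile: lost when power is removed
        self._aon_digest = None          # always-on register, never loses power

    @staticmethod
    def _digest(regs):
        # Length-prefixed, fixed-width encoding so two different register
        # lists can never serialize to the same byte string.
        blob = struct.pack(f"<I{len(regs)}I", len(regs), *regs)
        return hashlib.sha256(blob).digest()

    def power_down(self, external_store):
        """Hash the live configuration, then save it and drop power."""
        self._aon_digest = self._digest(self.config)
        external_store[:] = self.config  # reachable by untrusted agents
        self.config = []

    def power_up(self, external_store):
        """Restore only if the saved state matches the always-on digest."""
        candidate = list(external_store)
        try:
            ok = (self._aon_digest is not None and
                  hmac.compare_digest(self._digest(candidate), self._aon_digest))
        except struct.error:  # value no longer fits a 32-bit register
            ok = False
        self.config = candidate if ok else list(RESET_DEFAULTS)
        return ok


if __name__ == "__main__":
    ip = PowerGatedIP([0x1, 0x80000000, 0xFFFF])  # constructed: lock bit, base, limit
    store = []
    ip.power_down(store)
    store[0] = 0x0  # saved lock bit cleared while the IP was powered down
    print("restore trusted:", ip.power_up(store), [hex(r) for r in ip.config])
```

The digest covers the register count as well as the values, so a truncated or extended save area is rejected along with a modified one.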
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
No examples or observed CVEs available for this CWE.
CWE Relationships
No relationship information available for this CWE.
Frequently Asked Questions
What is CWE-1304: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation?
CWE-1304: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation is a Common Weakness Enumeration (CWE) entry maintained by MITRE.
What are the security consequences of CWE-1304: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation?
If exploited, CWE-1304 affects Confidentiality and Integrity (likelihood: High). The listed impacts are DoS: Instability; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Other); and Gain Privileges or Assume Identity.
How do you prevent or mitigate CWE-1304: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation?
Recommended mitigations for CWE-1304 include:
- Inside the IP, incorporate integrity checking on the configuration state via a cryptographic hash. The hash can be protected inside the IP such as by storing it in internal registers which never lose power. Before powering down, the IP performs a hash of the configuration and saves it in these persistent registers. Upon restore, the IP performs a hash of the saved configuration and compares it with the saved hash. If they do not match, then the IP should not trust the configuration.
- Outside the IP, incorporate integrity checking of the configuration state via a trusted agent. Before powering down, the trusted agent performs a hash of the configuration and saves the hash in persistent storage. Upon restore, the IP requests the trusted agent validate its current configuration. If the configuration hash is invalid, then the IP should not trust the configuration.
- Outside the IP, incorporate a protected environment that prevents undetected modification of the configuration state by untrusted agents. Before powering down, a trusted agent saves the IP's configuration state in this protected location, which only it has the privilege to access. Upon restore, the trusted agent loads the saved state into the IP.
Which programming languages are affected by CWE-1304: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation?
CWE-1304 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
What is the difference between a CWE and a CVE?
A CWE (Common Weakness Enumeration) like CWE-1304 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.