The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.
View on MITREFew fabrics mirror memory and address ranges, where mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If not, an attacker could bypass existing read/write protections by reading from/writing to the mirrored regions to leak or corrupt the original data.
The fabric firewall should apply the same protections as the original region to the mirrored regions.
The fabric firewall should apply the same protections as the original region to the mirrored regions.
Using an external debugger, send write transactions to mirrored regions to test if original, write-protected regions are modified. Similarly, send read transactions to mirrored regions to test if the original, read-protected signals can be read.
No examples or observed CVEs available for this CWE.
No relationship information available for this CWE.
CWE-1312: Missing Protection for Mirrored Regions in On-Chip Fabric Firewall is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions. Few fabrics mirror memory and address ranges, where mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If not, an attacker could bypass existing read/write protections by reading from/writing to the mirrored regions to leak or corrupt the original data.
If exploited, CWE-1312 (Missing Protection for Mirrored Regions in On-Chip Fabric Firewall) it can compromise Confidentiality, Integrity and Access Control, leading to outcomes such as Modify Memory, Read Memory and Bypass Protection Mechanism.
Recommended mitigations for CWE-1312 include: The fabric firewall should apply the same protections as the original region to the mirrored regions. The fabric firewall should apply the same protections as the original region to the mirrored regions.
CWE-1312 can be detected using Manual Dynamic Analysis. Combining automated tooling with manual review typically yields the best coverage.
CWE-1312 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-1312 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.