CWE-1314: Missing Write Protection for Parametric Data Values
The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure.
View on MITREExtended Description
Various sensors are used by hardware to detect any devices operating outside of the design limits. The threshold limit values are set by hardware fuses or trusted software such as the BIOS. These limits may be related to thermal, power, voltage, current, and frequency. Hardware mechanisms may be used to protect against alteration of the threshold limit values by untrusted software. The limit values are generally programmed in standard units for the type of value being read. However, the hardware-sensor blocks may report the settings in different units depending upon sensor design and operation. The raw sensor output value is converted to the desired units using a scale conversion based on the parametric data programmed into the sensor. The final converted value is then compared with the previously programmed limits. While the limit values are usually protected, the sensor parametric data values may not be. By changing the parametric data, safe operational limits may be bypassed.
Technical Details
- Structure
- Simple
Applicable To
Security Consequences
Scope
Impact
Likelihood
HighSensor value manipulation, particularly thermal or power, may allow physical damage to occur or disabling of the device by a false fault shutdown causing a Denial-Of-Service.
Mitigation Strategies
Phase
Description
Access controls for sensor blocks should ensure that only trusted software is allowed to change threshold limits and sensor parametric data.
Effectiveness
HighDetection Methods
No detection method information available for this CWE.
Code Examples & CVEs
Demonstrative Examples
Malicious software executes instructions to increase power consumption to the highest possible level while causing the clock frequency to increase to its maximum value. Such a program executing for an extended period of time would likely overheat the device, possibly resulting in permanent damage to the device. A ring, oscillator-based temperature sensor will generally report the sensed value as oscillator frequency rather than degrees centigrade. The temperature sensor will have calibration values that are used to convert the detected frequency into the corresponding temperature in degrees centigrade. Consider a SoC design where the critical maximum temperature limit is set in fuse values to 100C and is not modifiable by software. If the scaled thermal sensor output equals or exceeds this limit, the system is commanded to shut itself down. The thermal sensor calibration values are programmable through registers that are exposed to system software. These registers allow software to affect the converted temperature output such that the output will never exceed the maximum temperature limit.
This weakness may be addressed by preventing access to a and b.
Malicious software executes instructions to increase power consumption to the highest possible level while causing the clock frequency to increase to its maximum value. Such a program executing for an extended period of time would likely overheat the device, possibly resulting in permanent damage to the device. A ring, oscillator-based temperature sensor will generally report the sensed value as oscillator frequency rather than degrees centigrade. The temperature sensor will have calibration values that are used to convert the detected frequency into the corresponding temperature in degrees centigrade. Consider a SoC design where the critical maximum temperature limit is set in fuse values to 100C and is not modifiable by software. If the scaled thermal sensor output equals or exceeds this limit, the system is commanded to shut itself down. The thermal sensor calibration values are programmable through registers that are exposed to system software. These registers allow software to affect the converted temperature output such that the output will never exceed the maximum temperature limit.
This weakness may be addressed by preventing access to a and b.
Observed CVE Examples (1)
Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice and Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
View DetailsCWE Relationships
No relationship information available for this CWE.
Frequently Asked Questions
What is CWE-1314: Missing Write Protection for Parametric Data Values?+
CWE-1314: Missing Write Protection for Parametric Data Values is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure. Various sensors are used by hardware to detect any devices operating outside of the design limits. The threshold limit values are set by hardware fuses or trusted software such as the BIOS. These limits may be related to thermal, power, voltage, current, and frequency. Hardware mechanisms may be used to protect against alteration of the threshold limit values by untrusted software. The limit values are generally programmed in standard units for the type of value being read. However, the hardware-sensor blocks may report the settings in different units depending upon sensor design and operation. The raw sensor output value is converted to the desired units using a scale conversion based on the parametric data programmed into the sensor. The final converted value is then compared with the previously programmed limits. While the limit values are usually protected, the sensor parametric data values may not be. By changing the parametric data, safe operational limits may be bypassed.
What are the security consequences of Missing Write Protection for Parametric Data Values?+
If exploited, CWE-1314 (Missing Write Protection for Parametric Data Values) it can compromise Availability, leading to outcomes such as Quality Degradation and DoS: Resource Consumption (Other).
How do you prevent or mitigate Missing Write Protection for Parametric Data Values?+
Recommended mitigations for CWE-1314 include: Access controls for sensor blocks should ensure that only trusted software is allowed to change threshold limits and sensor parametric data.
Which programming languages are affected by Missing Write Protection for Parametric Data Values?+
CWE-1314 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
What are real-world examples of Missing Write Protection for Parametric Data Values?+
MITRE documents real CVEs mapped to CWE-1314, including CVE-2017-8252. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
What is the difference between a CWE and a CVE?+
A CWE (Common Weakness Enumeration) like CWE-1314 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.