CWE-1332: Improper Handling of Faults that Lead to… | Glexia
CWE-1332 (Improper Handling of Faults that Lead to Instruction Skips) weakness overview with consequences, detection methods, mitigations, related CVEs and MITRE…
Glexia's Take · Automated analysis
CWE-1332: Improper Handling of Faults that Lead to Instruction Skips
Improper Handling of Faults that Lead to Instruction Skips represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Executive Impact
- Confidentiality,Integrity,Authentication: Bypass Protection Mechanism,Alter Execution Logic,Unexpected State: Depending on the context, instruction skipping can have a broad range of consequences related to the generic bypassing of security critical code.
Developer Pattern
CWE-1332 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.
Automation confidence
high confidence from CWE-1332, 4.20.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Official CWE Definition
CWE-1332: Improper Handling of Faults that Lead to Instruction Skips
The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.
Developer And Remediation Guidance
How teams prevent and detect this weakness
Causes
- A smart card contains authentication credentials that are used as authorization to enter a building. The credentials are only accessible when a correct PIN is presented to the card. There are several ways this weakness could be fixed.
Remediation
- Architecture and Design: Design strategies for ensuring safe failure if inputs, such as Vcc, are modified out of acceptable ranges.
- Architecture and Design: Design strategies for ensuring safe behavior if instructions attempt to be skipped.
- Architecture and Design: Identify mission critical secrets that should be wiped if faulting is detected, and design a mechanism to do the deletion.
- Implementation: Add redundancy by performing an operation multiple times, either in space or time, and perform majority voting. Additionally, make conditional instruction timing unpredictable.
- Implementation: Use redundant operations or canaries to detect and respond to faults.
- Implementation: Ensure that fault mitigations are strong enough in practice. For example, a low power detection mechanism that takes 50 clock cycles to trigger at lower voltages may be an insufficient security mechanism if the instruction counter has already progressed with no other CPU activity occurring.
Detection
- Automated Static Analysis: This weakness can be found using automated static analysis once a developer has indicated which code paths are critical to protect.
- Simulation / Emulation: This weakness can be found using automated dynamic analysis. Both emulation of a CPU with instruction skips, as well as RTL simulation of a CPU IP, can indicate parts of the code that are sensitive to faults due to instruction skips.
- Manual Analysis: This weakness can be found using manual (static) analysis. The analyst has security objectives that are matched against the high-level code. This method is less precise than emulation, especially if the analysis is done at the higher level language rather than at assembly level.
Mappings
Related CVEs, CWEs, and ATT&CK context
Related CWEs
No related CWE relationships are published yet.
ATT&CK Relevance
ATT&CK relevance is shown only when reviewed or responsibly inferred.
