{"@ID": "1323", "@Name": "Improper Management of Sensitive Trace Data", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Draft", "Description": "Trace data collected from several sources on the\n                System-on-Chip (SoC) is stored in unprotected locations or\n                transported to untrusted agents.", "Extended_Description": {"xhtml:p": ["To facilitate verification of complex System-on-Chip\n                    (SoC) designs, SoC integrators add specific IP blocks that\n                    trace the SoC's internal signals in real-time. This\n                    infrastructure enables observability of the SoC's internal\n                    behavior, validation of its functional design,\n                    and detection of hardware and software bugs. Such tracing\n                    IP blocks collect traces from several sources on the SoC\n                    including the CPU, crypto coprocessors, and on-chip fabrics. Traces collected from these sources are then\n                    aggregated inside trace IP block and forwarded to trace\n                    sinks, such as debug-trace ports that facilitate debugging by\n                    external hardware and software debuggers.", "Since\n                    these traces are collected from several security-sensitive\n                    sources, they must be protected against untrusted\n                    debuggers. If they are stored in unprotected memory, an\n                    untrusted software debugger can access these traces and\n                    extract secret information. Additionally, if\n                    security-sensitive traces are not tagged as secure, an\n                    untrusted hardware debugger might access them to extract\n                    confidential information."]}, "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "284", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": [{"Ordinality": "Primary"}, {"Ordinality": "Resultant"}]}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Operating_System": {"@Class": "Not OS-Specific", "@Prevalence": "Undetermined"}, "Architecture": {"@Class": "Not Architecture-Specific", "@Prevalence": "Undetermined"}, "Technology": {"@Class": "System on Chip", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Architecture and Design"}, {"Phase": "Implementation"}]}, "Common_Consequences": {"Consequence": {"Scope": "Confidentiality", "Impact": "Read Memory", "Note": "An adversary can read secret values if they are captured in debug traces and stored unsafely."}}, "Potential_Mitigations": {"Mitigation": {"Phase": "Implementation", "Description": "Tag traces to indicate owner and debugging privilege level (designer, OEM, or end user) needed to access that trace."}}, "Demonstrative_Examples": {"Demonstrative_Example": {"Intro_Text": "In a SoC, traces generated from sources\n                        include security-sensitive IP blocks such as CPU (with\n                        tracing information such as instructions executed and\n                        memory operands), on-chip fabric (e.g., memory-transfer\n                        signals, transaction type and destination, and\n                        on-chip-firewall-error signals), power-management\n                        IP blocks (e.g., clock- and power-gating signals), and\n                        cryptographic coprocessors (e.g., cryptographic keys and\n                        intermediate values of crypto operations), among\n                        other non-security-sensitive IP blocks including timers\n                        and other functional blocks. The collected traces are\n                        then forwarded to the debug and trace interface used by\n                        the external hardware debugger.", "Example_Code": [{"@Nature": "Bad", "@Language": "Other", "#text": "The traces do\n                        not have any privilege level attached to them. All\n                        collected traces can be viewed by any debugger (i.e., SoC\n                        designer, OEM debugger, or end user)."}, {"@Nature": "Good", "@Language": "Other", "#text": "Some of the\n                        traces are SoC-design-house secrets, while some are OEM\n                        secrets. Few are end-user secrets and the rest are\n                        not security-sensitive. Tag all traces with the\n                        appropriate, privilege level at the source. The bits\n                        indicating the privilege level must be immutable in\n                        their transit from trace source to the final, trace\n                        sink. Debugger privilege level must be checked before\n                        providing access to traces."}]}}, "Related_Attack_Patterns": {"Related_Attack_Pattern": [{"@CAPEC_ID": "150"}, {"@CAPEC_ID": "167"}, {"@CAPEC_ID": "545"}]}, "References": {"Reference": [{"@External_Reference_ID": "REF-1150"}, {"@External_Reference_ID": "REF-1151"}]}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Name": "Hareesh Khattri, Parbati K. Manna, and Arun Kanuparthi", "Submission_Organization": "Intel Corporation", "Submission_Date": "2020-07-20", "Submission_Version": "4.3", "Submission_ReleaseDate": "2020-12-10"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-10-28", "Modification_Version": "4.6", "Modification_ReleaseDate": "2021-10-28", "Modification_Comment": "updated Common_Consequences"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Weakness_Ordinalities"}]}}
