CWE-1209: Failure to Disable Reserved Bits

What is Failure to Disable Reserved Bits?

• Overview: This vulnerability occurs when hardware designs leave reserved bits enabled in production, which should ideally be disabled. Reserved bits are placeholders for future functionalities and should not have any active logic tied to them in the current hardware design.

• Exploitation Methods:

• Attackers can manipulate these reserved bits to alter hardware behavior unexpectedly.
• Common techniques include writing to these bits to uncover hidden features or induce malfunction.

• Security Impact:

• Direct consequences include unauthorized control over hardware functions.
• Potential cascading effects can lead to system instability or hardware failure.
• Business impact involves potential loss of trust, financial damage, and compromised product integrity.

• Prevention Guidelines:

• Specific code-level fixes involve ensuring that reserved bits are properly disabled before production.
• Security best practices include thorough design review and testing to verify that no active logic is tied to reserved bits.
• Recommended tools and frameworks are those that provide hardware verification and validation to ensure unused bits are inactive.

Corgea can automatically detect and fix Failure to Disable Reserved Bits in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not Language-Specific

Affected Technologies: System on Chip

Vulnerable Code Example

class HardwareController:
    def __init__(self):
        # Assume we have a 16-bit control register
        self.control_register = 0x0000

    def enable_feature(self, feature_bits):
        # Vulnerable: Enabling features without masking reserved bits
        self.control_register |= feature_bits
        # Reserved bits are not disabled, which can be exploited

In the code above, the enable_feature method is vulnerable because it directly writes to the control register without masking off reserved bits. This leaves the system open to exploitation if these bits are manipulated to alter hardware behavior unexpectedly.

How to fix Failure to Disable Reserved Bits?

To fix this vulnerability, it's crucial to mask the reserved bits before writing to the control register. Reserved bits should be identified and explicitly disabled to prevent unauthorized modifications. This can be achieved by using a bitmask that has all reserved bits set to zero and only allows modification of the intended bits.

Best Practices:

1. Identify Reserved Bits: Clearly specify which bits are reserved and should not be altered.
2. Create a Bitmask: Use a bitmask to ensure reserved bits are not modified.
3. Validate Input: Ensure any input for modifying bits does not affect reserved bits.

Fixed Code Example

class HardwareController:
    def __init__(self):
        # Assume we have a 16-bit control register
        self.control_register = 0x0000
        # Define a bitmask to disable reserved bits (e.g., bits 12-15 are reserved)
        self.bitmask = 0x0FFF  # Only bits 0-11 can be modified

    def enable_feature(self, feature_bits):
        # Masking reserved bits to prevent modification
        feature_bits &= self.bitmask  # Apply bitmask to ensure only allowed bits are set
        self.control_register |= feature_bits
        # Reserved bits are now protected from unauthorized changes

In the fixed code, we introduced a bitmask (self.bitmask) that ensures only the non-reserved bits can be modified. The operation feature_bits &= self.bitmask ensures that any input is masked properly, disabling all reserved bits before writing to the control register. This approach prevents unauthorized manipulation of the reserved bits, thereby mitigating the vulnerability.