Insufficient Encapsulation of Machine-Dependent Functionality
0
Base
-
The product or code uses machine-dependent functionality, but
it does not sufficiently encapsulate or isolate this functionality from
the rest of the code.
The code contains a callable, block, or other code element in
which the same variable is used to control more than one unique task or store
more than one instance of data.
The product's design documentation does not adequately describe
control flow, data flow, system initialization, relationships between tasks,
components, rationales, or other important aspects of the
design.
The source code contains elements such as source files
that do not consistently provide a prologue or header that has been
standardized for the project.
The code contains a function or method whose signature and/or associated
inline documentation does not sufficiently describe the callable's inputs, outputs,
side effects, assumptions, or return codes.
The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not support any functional logic in the design. However, designers might covertly use these bits to debug or further develop new capabilities in production hardware. Adversaries with access to these bits will write to them in hopes of compromising hardware state.
The product manages resources or behaves in a way that indirectly creates a new, distinct resource that can be used by attackers in violation of the intended policy.
Improper Lock Behavior After Power State Transition
0
Base
-
Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power state transitions (e.g., Entry and wake from low power sleep modes) causing the system configuration to be changeable.
Application-Level Admin Tool with Inconsistent View of Underlying Operating System
0
Base
-
The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application's model of the OS's state is inconsistent with the OS's actual state.
CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
0
Base
-
The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of memory.