CWE-1038: Insecure Automated Optimizations

Description

The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.

Extended Description

N/A

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-2017-5715

Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as "Spectre".
CVE: CVE-2008-1685

C compiler optimization, as allowed by specifications, removes code that is used to perform checks to detect integer overflows.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Architecture and Design	Optimizations built into the design of a product can have unintended consequences during execution.

Common Consequences

Impact: Alter Execution Logic — Notes: The optimizations alter the order of execution resulting in side effects that were not intended by the original developer.

Potential Mitigations

None listed.

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

N/A

Notes

No notes available.

← Back to CWE list