Considering ~65% of all bugs are from memory issues, looking forward to the meeting.

Best Regards,
Bruce

Bruce Monroe
Security Researcher PE PSIRT Engineer | AMD
AMD PSO/Security R&D

From: Manna, Parbati K <parbati.k.ma...@intel.com>
Sent: Wednesday, June 4, 2025 6:57 PM
To: HW CWE Special Interest Group SIG <hw-cwe-special-interest-group-sig-list@mitre.org>
Subject: June 13th HW CWE meeting agenda

Dear SIG Members,

We have the upcoming monthly SIG meeting Friday next week (June 13th). I understand Friday the 13th is etched in your memory as something very scary, but not securing your hardware from memory weaknesses is even scarier. 😉

Unironically, this Friday the 13th meeting we plan to devote to discussing the topic presented earlier by ….. Jason regarding the HW memory weaknesses. We want to weigh what the best approach would be to include memory weaknesses into the HW View, like whether we should update existing CWEs or create new ones.

For those who would want a very brief summary of what Jason Oberg presented last month, it was mainly regarding how the system behaves when it receives an out-of-bound memory access for a hardware. While for SW the effect of such behavior is rather clear, for HW it varies (for instance, in some cases it provides a wraparound, essentially behaving like a modulo function, which may or may not be the intention). The out-of-bounds read for may return an undefined value (X) for simulation, but for a synthesized circuit it may actually return some real value from an unintended place (like a location within the same buffer), leading to data leakage. Similar issues exist for OOB Write requests.

For more information, see https://github.com/CWE-CAPEC/hw-cwe-sig/blob/main/Meeting_Minutes/2025/20250509_hw_cwe_sig_meeting_minutes.pdf

Please come prepared to discuss this matter further.

Thanks and Regards,
Parbati Kumar Manna
Co-Chair, HW CWE SIG
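
Added example, not part of the original thread or of the presentation it summarizes: a small Python behavioural model of the out-of-bounds read and write behaviour described in the agenda message, next to a bounds-checked variant. The 8-word buffer, its key/scratch layout and every function name are constructed for illustration, and modulo wraparound is assumed as the synthesized behaviour.

```python
X = None  # stands in for the simulator's undefined value 'x'

class Buffer:
    """A depth-word buffer indexed by an address that may exceed depth-1."""
    def __init__(self, depth, init):
        self.depth = depth
        self.words = list(init) + [0] * (depth - len(init))

def sim_read(buf, addr):
    """Simulation view: an out-of-range index reads back as undefined."""
    return buf.words[addr] if addr < buf.depth else X

def synth_read(buf, addr):
    """Assumed synthesized view: the address wraps (modulo depth)."""
    return buf.words[addr % buf.depth]

def synth_write(buf, addr, value):
    """Assumed synthesized view of a write: same wraparound aliasing."""
    buf.words[addr % buf.depth] = value

def checked_read(buf, addr):
    """Mitigated read: explicit range compare, returns (data, fault)."""
    return (buf.words[addr], False) if addr < buf.depth else (0, True)

def checked_write(buf, addr, value):
    """Mitigated write: dropped and flagged when out of range."""
    if addr < buf.depth:
        buf.words[addr] = value
        return False
    return True

def demo():
    key = [0xDE, 0xAD, 0xBE, 0xEF]       # constructed secret in words 0-3
    buf = Buffer(8, key)                 # words 4-7: requester scratch area
    oob = [4 + off for off in range(4, 8)]   # scratch base 4, offsets past the end
    result = {
        "sim": [sim_read(buf, a) for a in oob],       # all X: looks harmless
        "synth": [synth_read(buf, a) for a in oob],   # wraps onto the key words
        "checked": [checked_read(buf, a) for a in oob],
    }
    result["write_fault"] = checked_write(buf, 9, 0x00)  # rejected, key intact
    result["key_after_checked"] = buf.words[:4]
    synth_write(buf, 9, 0x00)            # 9 % 8 == 1: silently clobbers key[1]
    result["key_after_synth"] = buf.words[:4]
    return result

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The simulation column shows only X, so a testbench that does not treat X on a read port as a failure will pass while the wrapped design returns the key words.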