Closed Dexaran closed 7 years ago
This would not happens when you connect a tested module to the module handler. Like the same situation while you plug a burned RAM module to your motherboard and wondering why not booting. :)
It is a potential vector of attack.
You can replace any module
with a corrupted module
, and you will not be able to restore the platform because you can not replace the corrupted module. It will ruin the whole platform.
Yesterday we saw a social engineering attack.
You can say: "We will never make a mistake here," but if there is an opportunity to do so, then this is a vulnerability.
This function execution requirement will fail if the replaceable
module
does not support thereplaceModule(address)
function, or if the replaceablemodule
returnsfalse
.If the corrupted module will not return
true
after the execution ofreplaceModule
you will be unable to replace this corrupted module. This can lead to the crash of the entire platform.