CWE-1332: Improper Handling of Faults that Lead to Instruction Skips

low-risk

The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.

Abstraction: Base

Common Consequences

Confidentiality Bypass Protection Mechanism

Detection Methods

Automated Static Analysis

This weakness can be found using automated static analysis once a developer has indicated which code paths are critical to protect.

Simulation / Emulation

This weakness can be found using automated dynamic analysis. Both emulation of a CPU with instruction skips, as well as RTL simulation of a CPU IP, can indicate parts of the code that are sensitive to faults due to instruction skips.

Manual Analysis

This weakness can be found using manual (static) analysis. The analyst has security objectives that are matched against the high-level code. This method is less precise than emulation, especially if the analysis is done at the higher level language rather than at assembly level.

Real-World Examples (3)

CVE CVSS EPSS KEV
CVE-2025-8028 9.8 0.2%
CVE-2024-20060 5.9 0.0%
CVE-2024-20059 6.7 0.0%
0
/ 100
low-risk
Active Threat 0/50 · Minimal
Exploit Availability 0/50 · Minimal