Defect Categories
Memory corruption bugs are a primary focus: buffer overflows, out-of-bounds reads, use-after-free errors, null pointer dereferences, and other memory safety violations. These are critical because memory-safety bugs in firmware frequently lead to full device takeover; several entries in the CWE Top 25 are memory-safety weaknesses.
Metalware also detects logical flaws that manifest as misbehavior or crashes, such as assertion failures or unintended resets. It can catch hardware interaction errors (e.g. improper handling of an unexpected interrupt or DMA transfer) if they cause abnormal behavior.
Additionally, any condition that crashes the firmware (e.g. divide-by-zero, invalid instruction execution) is logged. Metalware's runtime monitoring also surfaces silent errors, such as memory corruption that does not immediately crash the device, by instrumenting the firmware so that these errors are turned into detectable crashes. This means even non-crashing flaws, which may still undermine security or stability, are reported rather than lost.
What Types of CWEs are Detected?
Metalware can discover vulnerabilities corresponding to a broad range of CWE (Common Weakness Enumeration) categories commonly found in low-level C/C++ code.
- CWE-119 / CWE-120: Buffer overflow (improper restriction of operations within the bounds of a memory buffer; the classic overflow from copying input without checking its size), e.g. writing past the end of an array stored in RAM.
- CWE-125 / CWE-787: Out-of-bounds Read / Out-of-bounds Write: firmware reading unintended memory (a potential information leak) or writing beyond valid memory (corruption of whatever sits next to the buffer).
- CWE-416: Use-After-Free: reuse of memory after it has been freed (less common in microcontroller firmware that has no dynamic allocation, but possible with certain RTOS or heap usage patterns).
- CWE-476: NULL Pointer Dereference: firmware dereferences a null pointer and faults. Note that on many microcontrollers address 0 is mapped (on Cortex-M it typically aliases the flash vector table), so a null read may return data instead of faulting; dynamic testing still catches it when the resulting behavior is abnormal.
- CWE-362: Race Conditions (especially interrupt-related races): non-atomic access to shared data that an interrupt handler can modify, leading to inconsistent state.
- CWE-124: Buffer Underwrite (writing to memory before the start of a buffer): possible when pointer arithmetic or a negative index moves a pointer backwards past the start of the buffer.
- CWE-20: Improper Input Validation: the firmware fails to check sizes or values taken from inputs (such as command packets or sensor readings), leading to undefined behavior; this is frequently the root cause behind the memory errors above.
These and many other CWEs that manifest as firmware vulnerabilities (including others on the Top 25 list) can be uncovered by Metalware's dynamic testing. Each discovered issue is categorized in reports with its corresponding CWE type where possible, helping developers understand the nature of the flaw.
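The following is an added example, not Metalware code, illustrating two points from this page: how a CWE-20 input-validation miss becomes a CWE-120 / CWE-787 overflow that silently corrupts a neighbouring field without crashing, and how redzone instrumentation (the kind of runtime monitoring described under Defect Categories) turns that silent corruption into a detectable failure. The device state layout, the packet format and the `mode` field are hypothetical; the attack packet is constructed inline.

```c
/* Added example (not Metalware code): a firmware-style command handler with
 * a classic buffer overflow (CWE-20 -> CWE-120 / CWE-787) that silently
 * corrupts the field next to the buffer, a redzone check that turns the
 * silent corruption into a detectable failure, and the hardened handler.
 * Device layout and packet format are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CMD_MAX 16
#define REDZONE 0xDEADBEEFu

/* Hypothetical device state. The guard words are instrumentation a fuzzing
 * harness would add; 'mode' stands in for any security-relevant field that
 * happens to follow the buffer in RAM. All members are 4-byte aligned, so
 * there is no padding: offsets are 0, 4, 20 and 24. */
struct device_state {
    uint32_t pre_guard;
    char     cmd[CMD_MAX];
    uint32_t post_guard;
    uint32_t mode;        /* 0 = normal, 1 = engineering/debug mode */
};

static void state_init(struct device_state *s)
{
    memset(s, 0, sizeof *s);
    s->pre_guard  = REDZONE;
    s->post_guard = REDZONE;
}

/* Instrumentation hook: a harness calls this after every handler and aborts
 * when it returns false, so an overflow that would otherwise go unnoticed
 * becomes an observable crash. */
static bool redzone_intact(const struct device_state *s)
{
    return s->pre_guard == REDZONE && s->post_guard == REDZONE;
}

/* Packet format (hypothetical): byte 0 is the declared payload length,
 * followed by that many payload bytes.
 *
 * Vulnerable: the declared length is checked against the packet but never
 * against CMD_MAX (CWE-20), so a long payload runs past cmd[] (CWE-120 /
 * CWE-787). The copy goes through a pointer to the whole struct so that the
 * overflow lands on the neighbouring fields deterministically in this demo. */
static bool handle_cmd_vulnerable(struct device_state *s,
                                  const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 1)
        return false;
    size_t n = pkt[0];
    if (n > pkt_len - 1)
        return false;
    memcpy((uint8_t *)s + offsetof(struct device_state, cmd), pkt + 1, n);
    return true;                      /* no crash: the corruption is silent */
}

/* Hardened: reject anything that does not fit, keeping one byte for NUL. */
static bool handle_cmd_hardened(struct device_state *s,
                                const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 1)
        return false;
    size_t n = pkt[0];
    if (n > pkt_len - 1 || n >= CMD_MAX)
        return false;
    memcpy(s->cmd, pkt + 1, n);
    s->cmd[n] = '\0';
    return true;
}

/* Constructed attack packet: 20 filler bytes cover the rest of cmd[] and
 * post_guard, then 4 bytes land exactly on 'mode'. Returns packet length. */
static size_t build_attack_packet(uint8_t *out, uint32_t new_mode)
{
    out[0] = 24;
    memset(out + 1, 'A', 20);
    memcpy(out + 21, &new_mode, sizeof new_mode);
    return 25;
}

/* Runs both handlers against the attack packet. Returns 0 when the vulnerable
 * handler silently flips 'mode' and the redzone check catches it, while the
 * hardened handler rejects the packet; any other value identifies the step. */
static int run_demo(void)
{
    struct device_state s;
    uint8_t pkt[32];
    size_t len = build_attack_packet(pkt, 1u);

    state_init(&s);
    if (!handle_cmd_vulnerable(&s, pkt, len)) return 1;
    if (s.mode != 1u) return 2;          /* privilege flipped, nothing crashed */
    if (redzone_intact(&s)) return 3;    /* instrumentation must notice */

    state_init(&s);
    if (handle_cmd_hardened(&s, pkt, len)) return 4;
    if (s.mode != 0u || !redzone_intact(&s)) return 5;
    return 0;
}

int main(void)
{
    int rc = run_demo();
    printf("demo %s (rc=%d)\n", rc == 0 ? "as expected" : "unexpected", rc);
    return rc;
}
```

Without the guard words the vulnerable handler returns normally and the device keeps running with `mode` set to 1; nothing in the crash log would ever mention it. With the guard words checked after each handler, the same input is reported as a memory-corruption finding that can be labelled CWE-787 with CWE-20 as the root cause.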