Détail du CWE-1252

CWE-1252

CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
Incomplete
2020-02-24
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Gestion des notifications

Nom: CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations

The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of memory.

Informations générales

Modes d'introduction

Architecture and Design

Plateformes applicables

Langue

Class: Not Language-Specific (Undetermined)

Systèmes d’exploitation

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Name: Microcontroller Hardware (Undetermined)
Name: Processor Hardware (Undetermined)

Conséquences courantes

Portée Impact Probabilité
Confidentiality
Integrity		Execute Unauthorized Code or Commands

Note: Without configuring exclusivity of operations via segregated areas of memory, an attacker may be able to inject malicious code onto memory and later execute it.

Mesures d’atténuation potentielles

Phases : Architecture and Design
Phases : Integration

Notes de cartographie des vulnérabilités

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Modèles d'attaque associés

CAPEC-ID Nom du modèle d'attaque
CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections

Références

REF-1076

Cortex-R4 Manual
ARM.
https://developer.arm.com/Processors/Cortex-M4

REF-1077

MCS 51 Microcontroller Family User's Manual
Intel.
http://web.mit.edu/6.115/www/document/8051.pdf

REF-1078

Memory Protection Unit (MPU)
ARM.
https://web.archive.org/web/20200630034848/https://static.docs.arm.com/100699/0100/armv8m_architecture_memory_protection_unit_100699_0100_00_en.pdf

Soumission

Nom Organisation Date Date de publication Version
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi Intel Corporation 2020-02-13 +00:00 2020-02-24 +00:00 4.0

Modifications

Nom Organisation Date Commentaire
CWE Content Team MITRE 2020-08-20 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2022-04-28 +00:00 updated Applicable_Platforms, Related_Attack_Patterns
CWE Content Team MITRE 2022-06-28 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Common_Consequences, Description, Weakness_Ordinalities
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.