CWE-1274 Detail

CWE-1274

Improper Access Control for Volatile Memory Containing Boot Code
Stable
2020-02-24
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Meldingen voor een CWE
Blijf op de hoogte van wijzigingen voor een specifieke CWE.
Meldingen beheren

Naam: Improper Access Control for Volatile Memory Containing Boot Code

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.

Algemene informatie

Introductiemodi

Architecture and Design : This weakness can be introduced during hardware architecture or design but can be identified later during testing.

Toepasselijke platforms

Taal

Class: Not Language-Specific (Undetermined)

Besturingssystemen

Class: Not OS-Specific (Undetermined)

Architecturen

Class: Not Architecture-Specific (Undetermined)

Technologieën

Class: Not Technology-Specific (Undetermined)

Veelvoorkomende gevolgen

Bereik Impact Waarschijnlijkheid
Access Control
Integrity		Modify Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity

Note: If the volatile-memory-region protections or access controls are insufficient to prevent modifications from an adversary or untrusted agent, the secure boot may be bypassed or replaced with the execution of an adversary's code.		High

Waargenomen voorbeelden

Referenties Beschrijving

CVE-2019-2267

Locked memory regions may be modified through other interfaces in a secure-boot-loader image due to improper access control.

Mogelijke risicobeperkingen

Phases : Architecture and Design
Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code.
Phases : Testing
Test the volatile-memory protections to ensure they are safe from modification or untrusted code.

Detectiemethoden

Manual Analysis

Ensure the volatile memory is lockable or has locks. Ensure the volatile memory is locked for writes from untrusted agents or adversaries. Try modifying the volatile memory from an untrusted agent, and ensure these writes are dropped.
Effectiviteit : High

Manual Analysis

Effectiviteit : Moderate

Notities kwetsbaarheidsmapping

Rechtvaardiging : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Opmerking : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Gerelateerde aanvalspatronen

CAPEC-ID Naam aanvalspatroon
CAPEC-456 Infected Memory
An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.
CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections

Indiening

Naam Organisatie Datum Releasedatum Version
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi Intel Corporation 2020-04-25 +00:00 2020-02-24 +00:00 4.1

Wijzigingen

Naam Organisatie Datum Opmerking
CWE Content Team MITRE 2020-08-20 +00:00 updated Demonstrative_Examples, Description, Related_Attack_Patterns
CWE Content Team MITRE 2021-10-28 +00:00 updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities
CWE Content Team MITRE 2022-04-28 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2023-01-31 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2024-02-29 +00:00 updated Detection_Factors
CWE Content Team MITRE 2025-04-03 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2025-12-11 +00:00 updated Common_Consequences, Description
De informatie die op CVE Find wordt gepresenteerd, is afkomstig van verschillende zorgvuldig geselecteerde referentiebronnen. CVE-gegevens worden geleverd door MITRE Corporation en de National Vulnerability Database (NVD). De Known Exploited Vulnerabilities (KEV)-catalogus is afkomstig van de Cybersecurity and Infrastructure Security Agency (CISA), terwijl EPSS-scores afkomstig zijn van FIRST.org. Daarnaast worden gegevens over softwarezwakheden (CWE) en veelvoorkomende aanvalspatronen (CAPEC) bijgehouden door MITRE Corporation, en informatie over hardware- en softwareconfiguraties (CPE) wordt geleverd door de NVD.