CWE-1231: Improper Prevention of Lock Bit Modification
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.
常见后果
影响范围: Access Control
技术影响: Modify Memory
说明: Registers protected by lock bit can be modified even when lock is set.
潜在缓解措施
阶段: Architecture and Design Implementation Testing
有效性: High
检测方法
方法: Manual Analysis
Set the lock bit. Power cycle the device. Attempt to clear the lock bit. If the information is changed, implement a design fix. Retest. Also, attempt to indirectly clear the lock bit or bypass it.
有效性: High
观察示例
参考: CVE-2017-6283
chip reset clears critical read/write lock permissions for RSA function
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases. |
| Implementation | Such issues could be introduced during implementation and identified later during Testing or System Configuration phases. |