CWE-1233: Security-Sensitive Hardware Controls with Missing Lock Bit Protection
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.
Common Consequences
Scope: Access Control
Technical Impact: Modify Memory
Note: System Configuration protected by the lock bit can be modified even when the lock is set.
Potential Mitigations
Phase: Architecture and Design, Implementation, Testing
Detection Methods
Method: Manual Analysis
Set the lock bit. Attempt to modify the information protected by the lock bit. If the information is changed, implement a design fix. Retest. Also, attempt to indirectly clear the lock bit or bypass it.
Effectiveness: High
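The manual analysis steps above, written out as an added example that is not part of the CWE entry: a constructed C model of one lock-protected register, exercised with the set-lock, attempt-write and attempt-clear sequence. The register layout, the names `reg_write`, `reg_read` and `lock_bit_check`, and the three `DESIGN_*` variants are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: one sensitive register guarded by a sticky lock bit. */
enum design { DESIGN_OK, DESIGN_CFG_IGNORES_LOCK, DESIGN_LOCK_CLEARABLE };
enum { REG_CFG, REG_LOCK };
enum { FAIL_DIRECT_WRITE = 1, FAIL_LOCK_CLEARED = 2 };

struct regblk { enum design d; uint32_t cfg; bool lock; };

static void reg_write(struct regblk *r, int addr, uint32_t val) {
    if (addr == REG_LOCK) {
        if (val & 1u)
            r->lock = true;
        else if (r->d == DESIGN_LOCK_CLEARABLE)
            r->lock = false;            /* flaw: software can clear the lock */
        /* correct design: writing 0 is ignored until the next reset */
    } else if (addr == REG_CFG) {
        if (r->lock && r->d != DESIGN_CFG_IGNORES_LOCK)
            return;                     /* locked: the write is dropped */
        r->cfg = val;                   /* unlocked, or flaw: lock not checked */
    }
}

static uint32_t reg_read(const struct regblk *r, int addr) {
    return addr == REG_LOCK ? (uint32_t)r->lock : r->cfg;
}

/* Runs the manual-analysis steps; returns a bitmask of FAIL_* findings. */
int lock_bit_check(enum design d) {
    struct regblk r = { d, 0, false };      /* state after reset */
    int fails = 0;
    reg_write(&r, REG_CFG, 0xA5A5A5A5u);    /* program a known value */
    reg_write(&r, REG_LOCK, 1);             /* set the lock bit */
    reg_write(&r, REG_CFG, 0x12345678u);    /* attempt to modify while locked */
    if (reg_read(&r, REG_CFG) != 0xA5A5A5A5u)
        fails |= FAIL_DIRECT_WRITE;
    reg_write(&r, REG_LOCK, 0);             /* attempt to clear the lock */
    if (reg_read(&r, REG_LOCK) != 1u)
        fails |= FAIL_LOCK_CLEARED;
    return fails;
}

int main(void) {
    for (int d = DESIGN_OK; d <= DESIGN_LOCK_CLEARABLE; d++)
        printf("design %d: findings 0x%x\n", d, lock_bit_check((enum design)d));
}
```

On real hardware the same sequence would be driven through the device's register interface or an RTL testbench, and repeated after the design fix as the retest step.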
Observed Examples
Reference: CVE-2018-9085
Certain servers leave a write protection lock bit unset after boot, potentially allowing modification of parts of flash memory.
Reference: CVE-2014-8273
Chain: chipset has a race condition (CWE-362) between when an interrupt handler detects an attempt to write-enable the BIOS (in violation of the lock bit), and when the handler resets the write-enable bit back to 0, allowing attackers to issue BIOS writes during the timing window [REF-1237].
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases. |
| Implementation | Such issues could be introduced during implementation and identified later during Testing or System Configuration phases. |