CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.
常见后果
影响范围: Access Control Integrity
技术影响: Modify Memory Execute Unauthorized Code or Commands Gain Privileges or Assume Identity
潜在缓解措施
阶段: Architecture and Design
描述: Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code.
阶段: Testing
描述: Test the volatile-memory protections to ensure they are safe from modification or untrusted code.
检测方法
方法: Manual Analysis
Ensure the volatile memory is lockable or has locks. Ensure the volatile memory is locked for writes from untrusted agents or adversaries. Try modifying the volatile memory from an untrusted agent, and ensure these writes are dropped.
有效性: High
方法: Manual Analysis
有效性: Moderate
观察示例
参考: CVE-2019-2267
Locked memory regions may be modified through other interfaces in a secure-boot-loader image due to improper access control.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | This weakness can be introduced during hardware architecture or design but can be identified later during testing. |