CWE-1256 4 CVEs MITRE definition ↗

CWE-1256: Improper Restriction of Software Interfaces to Hardware Features

Overview

CWE-1256 (Improper Restriction of Software Interfaces to Hardware Features) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead to modification of hardware memory or register bits, or the ability to observe physical side channels.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined
operating_system Not OS-Specific Undetermined
architecture Not Architecture-Specific Undetermined
technology Not Technology-Specific Undetermined
technology Memory Hardware Undetermined
technology Power Management Hardware Undetermined
technology Clock/Counter Hardware Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2024-5477 2025-08-13 A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information d…
CVE-2024-48869 2025-05-13 Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guar…
CVE-2024-2881 2024-08-29 Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a vi…
CVE-2024-1545 2024-08-29 Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victi…

Previous names

  • Hardware Features Enable Physical Attacks from Software (2021-10-28)

Content submission

Name
Nicole Fern
Organization
Cycuity (originally submitted as Tortuga Logic)
Date
2020-05-08
Version
4.1

Content modifications

Date Name Version Importance Comment
2020-08-20 CWE Content Team 4.2 updated Demonstrative_Examples, Description, Maintenance_Notes, Related_Attack_Patterns
2021-03-15 CWE Content Team 4.4 updated Demonstrative_Examples, Functional_Areas, Maintenance_Notes
2021-07-20 CWE Content Team 4.5 updated Demonstrative_Examples, Observed_Examples
2021-10-28 CWE Content Team 4.6 updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Modes_of_Introduction, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities
2022-04-28 CWE Content Team 4.7 updated Applicable_Platforms
2022-06-28 CWE Content Team 4.8 updated Applicable_Platforms
2023-01-31 CWE Content Team 4.10 updated Related_Attack_Patterns
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-04-03 CWE Content Team 4.17 updated Demonstrative_Examples
2025-09-09 CWE Content Team 4.18 updated Relationships

Contributions

Type Name Date Comment
Content 2021-07-16 Provided Demonstrative Example for Hardware Root of Trust
Content Anders Nordstrom, Alric Althoff 2021-10-11 Provided detection method
Content Nicole Fern 2021-10-15 updated description and extended description, detection method, and observed examples
cvelogic Threat Intelligence