CWE-1257 – Improper Access Control Applied to Mirrored or Aliased Memory Regions | Common Weakness Enumeration (CWE)

Overview

CWE-1257 (Improper Access Control Applied to Mirrored or Aliased Memory Regions) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact: Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region.

Applicable platforms

Kind	Name	Class	Prevalence	OS / CPE
language	—	Not Language-Specific	Undetermined	—
operating_system	—	Not OS-Specific	Undetermined	—
architecture	—	Not Architecture-Specific	Undetermined	—
technology	Memory Hardware	—	Undetermined	—
technology	Processor Hardware	—	Undetermined	—
technology	Microcontroller Hardware	—	Undetermined	—
technology	Network on Chip Hardware	—	Undetermined	—
technology	—	System on Chip	Undetermined	—

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE	Published	Summary
CVE-2025-27032	2025-09-24	memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2025-36600	2025-07-08	Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local ac…
CVE-2019-1174	2019-08-14	An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with ele…

Content submission

Name: Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
Organization: Intel Corporation
Date: 2020-04-29
Version: 4.1

Content modifications

Date	Name	Version	Importance	Comment
2020-08-20	CWE Content Team	4.2	—	updated Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns
2021-10-28	CWE Content Team	4.6	—	updated Potential_Mitigations
2022-04-28	CWE Content Team	4.7	—	updated Applicable_Platforms, Related_Attack_Patterns
2022-06-28	CWE Content Team	4.8	—	updated Applicable_Platforms
2022-10-13	CWE Content Team	4.9	—	updated Demonstrative_Examples
2023-01-31	CWE Content Team	4.10	—	updated Related_Attack_Patterns
2023-04-27	CWE Content Team	4.11	—	updated Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2025-12-11	CWE Content Team	4.19	—	updated Weakness_Ordinalities