CWE-1262 9 CVEs MITRE definition ↗

CWE-1262: Improper Access Control for Register Interface

Overview

CWE-1262 (Improper Access Control for Register Interface) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined
operating_system Not OS-Specific Undetermined
architecture Not Architecture-Specific Undetermined
technology Not Technology-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2025-47385 2026-03-02 Memory Corruption when accessing trusted execution environment without proper privilege check.
CVE-2025-36194 2026-02-02 IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor conf…
CVE-2025-20788 2025-12-02 In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is nee…
CVE-2023-20599 2025-06-10 Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of c…
CVE-2024-45556 2025-04-07 Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.
CVE-2024-57492 2025-03-10 An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page funciton.
CVE-2025-1882 2025-03-03 A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipu…
CVE-2024-6354 2024-06-26 Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM das…
CVE-2022-23005 2023-01-23 Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UF…

Previous names

  • Register Interface Allows Software Access to Sensitive Data or Security Settings (2021-10-28)

Content submission

Name
Nicole Fern
Organization
Cycuity (originally submitted as Tortuga Logic)
Date
2020-05-08
Version
4.1

Content modifications

Date Name Version Importance Comment
2020-08-20 CWE Content Team 4.2 updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns
2021-10-28 CWE Content Team 4.6 updated Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, Weakness_Ordinalities
2022-04-28 CWE Content Team 4.7 updated Related_Attack_Patterns
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Demonstrative_Examples, Mapping_Notes, References
2023-10-26 CWE Content Team 4.13 updated Demonstrative_Examples
2025-09-09 CWE Content Team 4.18 updated Relationships
2025-12-11 CWE Content Team 4.19 updated Demonstrative_Examples, References

Contributions

Type Name Date Comment
Content Anders Nordstrom, Alric Althoff 2021-10-11 Provided detection methods and observed examples
Content Nicole Fern 2021-10-12 Provided detection methods
Content Shaza Zeitouni, Mohamadreza Rostami, Pouya Mahmoody, Ahmad-Reza Sadeghi 2023-06-21 suggested demonstrative example
Content Rahul Kande, Chen Chen, Jeyavijayan Rajendran 2023-06-21 suggested demonstrative example
cvelogic Threat Intelligence