CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code

Overview

CWE-1274 (Improper Access Control for Volatile Memory Containing Boot Code) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact

Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.

Applicable platforms

Kind | Name | Class | Prevalence | OS / CPE
language | | Not Language-Specific | Undetermined |
operating_system | | Not OS-Specific | Undetermined |
architecture | | Not Architecture-Specific | Undetermined |
technology | | Not Technology-Specific | Undetermined |

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE | Published | Summary
CVE-2024-36345 | 2026-05-14 | Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidenti…
CVE-2025-29950 | 2026-02-10 | Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.
CVE-2025-65396 | 2026-01-14 | A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the …
CVE-2025-59694 | 2025-12-02 | The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence …
CVE-2025-59404 | 2025-09-25 | Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions…
CVE-2025-4043 | 2025-05-07 | An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.
CVE-2023-31345 | 2025-02-11 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
CVE-2022-2484 | 2023-01-06 | The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious ker…
CVE-2022-2482 | 2023-01-06 | A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script …

Previous names

  • Insufficient Protections on the Volatile Memory Containing Boot Code (2021-10-28)

Content submission

Name
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
Organization
Intel Corporation
Date
2020-04-25
Version
4.1

Content modifications

Date | Name | Version | Importance | Comment
2020-08-20 | CWE Content Team | 4.2 | | updated Demonstrative_Examples, Description, Related_Attack_Patterns
2021-10-28 | CWE Content Team | 4.6 | | updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities
2022-04-28 | CWE Content Team | 4.7 | | updated Related_Attack_Patterns
2023-01-31 | CWE Content Team | 4.10 | | updated Related_Attack_Patterns
2023-04-27 | CWE Content Team | 4.11 | | updated Relationships
2023-06-29 | CWE Content Team | 4.12 | | updated Mapping_Notes
2024-02-29 | CWE Content Team | 4.14 | | updated Detection_Factors
2025-04-03 | CWE Content Team | 4.17 | | updated Demonstrative_Examples
2025-12-11 | CWE Content Team | 4.19 | | updated Common_Consequences, Description

Contributions

Type | Name | Date | Comment
Feedback | Narasimha Kumar V Mangipudi | 2021-10-20 | suggested content improvements
Content | Hareesh Khattri | 2021-10-22 | provided detection method