CWE-1231 3 件の CVE MITRE の定義 ↗

CWE-1231: Improper Prevention of Lock Bit Modification

概要

CWE-1231(Improper Prevention of Lock Bit Modification)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響
セキュリティ影響:製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.

適用プラットフォーム

種別 名称 クラス 普遍性 OS / CPE
language Not Language-Specific Undetermined
operating_system Not OS-Specific Undetermined
architecture Not Architecture-Specific Undetermined
technology Not Technology-Specific Undetermined

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE 公開 概要
CVE-2025-52536 2026-02-10 Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.
CVE-2024-36354 2025-09-06 Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of T…
CVE-2022-42285 2023-01-12 DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privilege…

旧名称

  • Improper Implementation of Lock Protection Registers (2021-10-28)

コンテンツ投稿

名称
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
組織
Intel Corporation
日付
2020-01-15
バージョン
4.0

コンテンツの変更履歴

日付 名称 バージョン 重要度 コメント
2020-06-25 CWE Content Team 4.1 updated Demonstrative_Examples
2020-08-20 CWE Content Team 4.2 updated Related_Attack_Patterns
2021-10-28 CWE Content Team 4.6 updated Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities
2022-04-28 CWE Content Team 4.7 updated Related_Attack_Patterns, Relationships
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Demonstrative_Examples, References
2025-04-03 CWE Content Team 4.17 updated Demonstrative_Examples
2025-09-09 CWE Content Team 4.18 updated Relationships

貢献

タイプ 名称 日付 コメント
Feedback Narasimha Kumar V Mangipudi 2021-10-20 reviewed content changes
Content Hareesh Khattri 2021-10-22 provided observed example
Content Shaza Zeitouni, Mohamadreza Rostami, Pouya Mahmoody, Ahmad-Reza Sadeghi 2023-06-21 suggested demonstrative example
Content Rahul Kande, Chen Chen, Jeyavijayan Rajendran 2023-06-21 suggested demonstrative example
cvelogic Threat Intelligence