CWE-1256 4 件の CVE MITRE の定義 ↗

CWE-1256: Improper Restriction of Software Interfaces to Hardware Features

概要

CWE-1256(Improper Restriction of Software Interfaces to Hardware Features)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響
セキュリティ影響:製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead to modification of hardware memory or register bits, or the ability to observe physical side channels.

適用プラットフォーム

種別 名称 クラス 普遍性 OS / CPE
language Not Language-Specific Undetermined
operating_system Not OS-Specific Undetermined
architecture Not Architecture-Specific Undetermined
technology Not Technology-Specific Undetermined
technology Memory Hardware Undetermined
technology Power Management Hardware Undetermined
technology Clock/Counter Hardware Undetermined

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE 公開 概要
CVE-2024-5477 2025-08-13 A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information d…
CVE-2024-48869 2025-05-13 Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guar…
CVE-2024-2881 2024-08-29 Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a vi…
CVE-2024-1545 2024-08-29 Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victi…

旧名称

  • Hardware Features Enable Physical Attacks from Software (2021-10-28)

コンテンツ投稿

名称
Nicole Fern
組織
Cycuity (originally submitted as Tortuga Logic)
日付
2020-05-08
バージョン
4.1

コンテンツの変更履歴

日付 名称 バージョン 重要度 コメント
2020-08-20 CWE Content Team 4.2 updated Demonstrative_Examples, Description, Maintenance_Notes, Related_Attack_Patterns
2021-03-15 CWE Content Team 4.4 updated Demonstrative_Examples, Functional_Areas, Maintenance_Notes
2021-07-20 CWE Content Team 4.5 updated Demonstrative_Examples, Observed_Examples
2021-10-28 CWE Content Team 4.6 updated Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Modes_of_Introduction, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities
2022-04-28 CWE Content Team 4.7 updated Applicable_Platforms
2022-06-28 CWE Content Team 4.8 updated Applicable_Platforms
2023-01-31 CWE Content Team 4.10 updated Related_Attack_Patterns
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-04-03 CWE Content Team 4.17 updated Demonstrative_Examples
2025-09-09 CWE Content Team 4.18 updated Relationships

貢献

タイプ 名称 日付 コメント
Content 2021-07-16 Provided Demonstrative Example for Hardware Root of Trust
Content Anders Nordstrom, Alric Althoff 2021-10-11 Provided detection method
Content Nicole Fern 2021-10-15 updated description and extended description, detection method, and observed examples
cvelogic Threat Intelligence