CWE-1274 9 件の CVE MITRE の定義 ↗

CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code

概要

CWE-1274(Improper Access Control for Volatile Memory Containing Boot Code)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響
セキュリティ影響:製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.

適用プラットフォーム

種別 名称 クラス 普遍性 OS / CPE
language Not Language-Specific Undetermined
operating_system Not OS-Specific Undetermined
architecture Not Architecture-Specific Undetermined
technology Not Technology-Specific Undetermined

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE 公開 概要
CVE-2024-36345 2026-05-14 Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidenti…
CVE-2025-29950 2026-02-10 Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.
CVE-2025-65396 2026-01-14 A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the …
CVE-2025-59694 2025-12-02 The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence …
CVE-2025-59404 2025-09-25 Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions…
CVE-2025-4043 2025-05-07 An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.
CVE-2023-31345 2025-02-11 Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
CVE-2022-2484 2023-01-06 The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious ker…
CVE-2022-2482 2023-01-06 A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script …

旧名称

  • Insufficient Protections on the Volatile Memory Containing Boot Code (2021-10-28)

コンテンツ投稿

名称
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
組織
Intel Corporation
日付
2020-04-25
バージョン
4.1

コンテンツの変更履歴

日付 名称 バージョン 重要度 コメント
2020-08-20 CWE Content Team 4.2 updated Demonstrative_Examples, Description, Related_Attack_Patterns
2021-10-28 CWE Content Team 4.6 updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities
2022-04-28 CWE Content Team 4.7 updated Related_Attack_Patterns
2023-01-31 CWE Content Team 4.10 updated Related_Attack_Patterns
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-02-29 CWE Content Team 4.14 updated Detection_Factors
2025-04-03 CWE Content Team 4.17 updated Demonstrative_Examples
2025-12-11 CWE Content Team 4.19 updated Common_Consequences, Description

貢献

タイプ 名称 日付 コメント
Feedback Narasimha Kumar V Mangipudi 2021-10-20 suggested content improvements
Content Hareesh Khattri 2021-10-22 provided detection method
cvelogic Threat Intelligence