Assumed-Immutable Data is Stored in Writable Memory

Status: Incomplete
Abstraction: Base
Structure: Simple
Description

This vulnerability occurs when data that should be permanent and unchangeable—like a bootloader, device IDs, or one-time configuration settings—is placed in memory that can be rewritten or updated after deployment.

Extended Description

Core security features like secure boot, code authentication, and device attestation rely on trusted assets such as initial boot code, cryptographic keys, and reference integrity measurements. These assets must be stored in truly immutable hardware like read-only memory (ROM), fused circuits, or one-time programmable (OTP) memory. This hardware-level protection creates a reliable root of trust, ensuring these critical components cannot be tampered with. If these assumed-to-be-permanent assets are stored in rewritable memory like flash or EEPROM, the entire security model collapses. An attacker with sufficient access could modify the bootloader, replace authentication keys, or alter device identity, bypassing security checks and compromising the system. The integrity of the security chain is only as strong as the immutability of its foundational components.

Common Consequences

Scope: Integrity
Impact: Varies by Context

Potential Mitigations

Phase: Implementation
All immutable code or data should be programmed into ROM or write-once memory.
Demonstrative Examples

Cryptographic hash functions are commonly used to create unique fixed-length digests that ensure the integrity of code and keys. A golden digest is stored on the device and compared to the digest computed from the data to be verified. If the digests match, the data has not been maliciously modified. If an attacker can modify the golden digest, they then have the ability to store arbitrary data that passes the verification check. Hash digests used to verify public keys and early-stage boot code should be immutable, with the strongest protection offered by hardware immutability.
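The following is an added example, not part of the CWE entry, that models the golden-digest check from the demonstrative example and the storage property from the extended description. The Storage class, the boot-code byte strings and the scenario are constructed for illustration; SHA-256 stands in for whatever digest a real device uses. The same verification routine is run twice: once with the golden digest in a rewritable region (flash-like) and once in a write-once region (OTP-like), to show that only the second keeps a modified image from passing once the digest cell has been reprogrammed.

```python
import hashlib
import hmac


class Storage:
    """Minimal model of a non-volatile memory region (constructed for this example).

    write_once=True models OTP / fused / ROM-like behaviour: a cell can be
    programmed exactly once.  write_once=False models flash or EEPROM.
    """

    def __init__(self, name: str, write_once: bool):
        self.name = name
        self.write_once = write_once
        self._cells: dict[str, bytes] = {}

    def write(self, key: str, value: bytes) -> None:
        if self.write_once and key in self._cells:
            raise PermissionError(f"{self.name}: cell {key!r} is already programmed")
        self._cells[key] = value

    def read(self, key: str) -> bytes:
        return self._cells[key]


def digest(image: bytes) -> bytes:
    """Fixed-length digest of an image (SHA-256 as a stand-in for the device's hash)."""
    return hashlib.sha256(image).digest()


def provision(store: Storage, boot_code: bytes) -> None:
    """Factory step: program the golden digest of the trusted boot code."""
    store.write("golden_digest", digest(boot_code))


def verify_image(store: Storage, image: bytes) -> bool:
    """Boot-time check: recompute the digest and compare it to the stored golden digest."""
    return hmac.compare_digest(store.read("golden_digest"), digest(image))


# Constructed sample images: a genuine stage-1 loader and a modified one.
GENUINE_BOOT_CODE = b"\x00\x10\x00\x20\xf1\x00\x00\x08" + b"genuine stage-1 loader"
MODIFIED_BOOT_CODE = b"\x00\x10\x00\x20\xf1\x00\x00\x08" + b"modified stage-1 loader"


def run_scenario(write_once: bool) -> dict:
    """Provision, verify, then attempt to reprogram the golden digest cell.

    Returns a dict describing what the verification check accepts before and
    after the reprogramming attempt.
    """
    store = Storage("OTP" if write_once else "flash", write_once=write_once)
    provision(store, GENUINE_BOOT_CODE)
    results = {
        "genuine_passes": verify_image(store, GENUINE_BOOT_CODE),
        "modified_rejected_initially": not verify_image(store, MODIFIED_BOOT_CODE),
    }
    # Someone with write access to the medium tries to replace the golden digest
    # with one matching the modified image.  Write-once memory refuses this.
    try:
        store.write("golden_digest", digest(MODIFIED_BOOT_CODE))
        results["digest_replaced"] = True
    except PermissionError:
        results["digest_replaced"] = False
    results["modified_passes_after_write"] = verify_image(store, MODIFIED_BOOT_CODE)
    return results


if __name__ == "__main__":
    for wo in (False, True):
        print("write-once" if wo else "rewritable", run_scenario(wo))
```

The verification logic is identical in both runs; the only thing that changes the outcome is whether the memory holding the golden digest can be reprogrammed after provisioning, which is exactly the property this weakness is about.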
Applicable Platforms

Languages: Not Language-Specific (Prevalence: Undetermined)
Technologies: Not Technology-Specific (Prevalence: Undetermined)

Modes of Introduction

Phase: Implementation
Notes

Maintenance: This entry is still under development and will continue to see updates and content improvements.

Maintenance: As of CWE 4.3, Assumed-Immutable Data is Stored in Writable Memory and Security-Sensitive Hardware Controls with Missing Lock Bit Protection are being investigated for potential duplication or overlap.