CWE-1274 Base Stable

Improper Access Control for Volatile Memory Containing Boot Code

This vulnerability occurs when a system's secure-boot process loads bootloader code into volatile memory (like DRAM or SRAM) but fails to properly lock down that memory region afterward. Without…

Définition

What is CWE-1274?

This vulnerability occurs when a system's secure-boot process loads bootloader code into volatile memory (like DRAM or SRAM) but fails to properly lock down that memory region afterward. Without strong access controls, an attacker can modify the boot code in memory, bypassing secure boot and running malicious software.

During a secure boot, the initial read-only memory (ROM) code inside a chip fetches the bootloader from external, non-volatile storage and copies it into internal volatile memory for execution. This code is authenticated as it's loaded. However, if the chip's memory protection unit (MPU) or similar hardware mechanisms don't enforce strict write or execute permissions on this volatile memory region after the transfer, the authenticated code becomes a sitting target. An attacker with physical or software access can then overwrite this now-unprotected boot code in volatile memory. This allows them to subvert the entire secure-boot chain, replacing the trusted bootloader with their own malicious payload before the system's main processor executes it, completely undermining the device's security foundation.

Impact réel

Real-world CVEs caused by CWE-1274

CVE-2019-2267

Locked memory regions may be modified through other interfaces in a secure-boot-loader image due to improper access control.

Comment les attaquants l'exploitent

Parcours de l'attaquant étape par étape

1
Identifier un chemin de code qui traite des entrées non fiables sans validation.
2
Élaborer une charge utile qui exploite le comportement non sécurisé — injection, traversal, débordement ou abus de logique.
3
Délivrer la charge utile via une requête normale et observer la réaction de l'application.
4
Itérer jusqu'à ce que la réponse divulgue des données, exécute le code de l'attaquant ou élève les privilèges.

Exemple de code vulnérable

Vulnerable Other

A typical SoC secure boot's flow includes fetching the next piece of code (i.e., the boot loader) from NVM (e.g., serial, peripheral interface (SPI) flash), and transferring it to DRAM/SRAM volatile, internal memory, which is more efficient.

Vulnérable Other

The volatile-memory protections or access controls are insufficient.

Exemple de code sécurisé

Secure Other

The memory from where the boot loader executes can be modified by an adversary.

Sécurisé Other

A good architecture should define appropriate protections or access controls to prevent modification by an adversary or untrusted agent, once the bootloader is authenticated.

What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.

Liste de contrôle de prévention

How to prevent CWE-1274

Architecture and Design Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code.
Testing Test the volatile-memory protections to ensure they are safe from modification or untrusted code.

Signaux de détection

How to detect CWE-1274

Manual Analysis High

Ensure the volatile memory is lockable or has locks. Ensure the volatile memory is locked for writes from untrusted agents or adversaries. Try modifying the volatile memory from an untrusted agent, and ensure these writes are dropped.

Manual Analysis Moderate

Analyze the device using the following steps: 1. Identify all fabric master agents that are active during system Boot Flow when initial code is loaded from Non-volatile storage to volatile memory. 1. Identify the volatile memory regions that are used for storing loaded system executable program. 1. During system boot, test programming the identified memory regions in step 2 from all the masters identified in step 1. Only trusted masters should be allowed to write to the memory regions. For example, pluggable device peripherals should not have write access to program load memory regions.

Correction automatique Plexicus

Plexicus détecte automatiquement CWE-1274 et ouvre une PR de correction en moins de 60 secondes.

Codex Remedium analyse chaque commit, identifie cette faiblesse précise et livre une pull request prête à être relue avec le correctif. Pas de tickets. Pas de transferts.

Obtenir une démo Essayer Plexicus gratuitement

Questions fréquentes

Frequently asked questions

Qu'est-ce que CWE-1274 ?

Quelle est la gravité de CWE-1274 ?

MITRE n'a pas publié de note de probabilité d'exploitation pour cette faiblesse. Traitez-la comme un impact moyen jusqu'à ce que votre modèle de menace prouve le contraire.

Quels langages ou plateformes sont affectés par CWE-1274 ?

MITRE lists the following affected platforms: Not OS-Specific, Not Architecture-Specific, Not Technology-Specific.

Comment puis-je prévenir CWE-1274 ?

Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code. Test the volatile-memory protections to ensure they are safe from modification or untrusted code.

Comment Plexicus détecte et corrige CWE-1274 ?

Le moteur SAST de Plexicus reconnaît la signature de flux de données de CWE-1274 à chaque commit. Lorsqu'une correspondance est trouvée, notre agent Codex Remedium ouvre une PR de correction avec le code corrigé, les tests et un résumé d'une ligne pour le relecteur.

Où puis-je en savoir plus sur CWE-1274 ?

MITRE publie la définition canonique à https://cwe.mitre.org/data/definitions/1274.html. Vous pouvez également consulter la documentation OWASP et NIST pour des conseils adjacents.

Faiblesses associées

Weaknesses related to CWE-1274

CWE-284 Parent

Improper Access Control

The software fails to properly limit who can access a resource, allowing unauthorized users or systems to interact with it.

CWE-1191 Frère

On-Chip Debug and Test Interface With Improper Access Control

This vulnerability occurs when a hardware chip's debug or test interface (like JTAG) lacks proper access controls. Without correct…

CWE-1220 Frère

Insufficient Granularity of Access Control

This vulnerability occurs when a system's access controls are too broad, allowing unauthorized users or processes to read or modify…

CWE-1224 Frère

Improper Restriction of Write-Once Bit Fields

This vulnerability occurs when hardware write-once protection mechanisms, often called 'sticky bits,' are incorrectly implemented,…

CWE-1231 Frère

Improper Prevention of Lock Bit Modification

This vulnerability occurs when hardware or firmware uses a lock bit to protect critical system registers or memory regions, but fails to…

CWE-1233 Frère

Security-Sensitive Hardware Controls with Missing Lock Bit Protection

This vulnerability occurs when a hardware device uses a lock bit to protect critical configuration registers, but the lock fails to…

CWE-1252 Frère

CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations

This vulnerability occurs when a CPU's hardware is not set up to enforce a strict separation between writing data to memory and executing…

CWE-1257 Frère

Improper Access Control Applied to Mirrored or Aliased Memory Regions

This vulnerability occurs when a hardware design maps the same physical memory to multiple addresses (aliasing or mirroring) but fails to…

CWE-1259 Frère

Improper Restriction of Security Token Assignment

This vulnerability occurs when a System-on-a-Chip (SoC) fails to properly secure its Security Token mechanism. These tokens control which…

Ressources

Arrêtez de payer par développeur.
Commencez à fermer la boucle.

Plexicus est l'ASPM natif IA qui scanne, filtre, corrige, penteste et explique — de façon autonome. Développeurs illimités, dépôts illimités, actions IA à usage équitable. Vrai niveau gratuit, €269/mo annuel quand vous êtes prêt.

Commencer gratuitement Réserver une démo