CWE-1262
Improper Access Control for Register Interface
Description
The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.
{"xhtml:p":["Software commonly accesses peripherals in a System-on-Chip (SoC) or other device through a memory-mapped register interface. Malicious software could tamper with any security-critical hardware data that is accessible directly or indirectly through the register interface, which could lead to a loss of confidentiality and integrity."]}
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Read Memory, Read Application Data, Modify Memory, Modify Application Data, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Unexpected State, Alter Execution Logic
Potential Mitigations
Design proper policies for hardware register access from software.
Ensure that access control policies for register access are implemented in accordance with the specified design.
CVE-2014-2915virtualization product does not restrict access to debug and other processor registers in the hardware, allowing a crash of the host or guest OS
CVE-2021-3011virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code
CVE-2020-12446Driver exposes access to Model Specific Register (MSR) registers, allowing admin privileges.
CVE-2015-2150Virtualization product does not restrict access to PCI command registers, allowing host crash from the guest.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now