CVEbaza.plSłownik CWECWE-1231
Common Weakness Enumeration

CWE-1231

Improper Prevention of Lock Bit Modification

Kategoria: BaseCVE: 3
Opis

Produkt wykorzystuje zaufany bit blokady do ograniczenia dostępu do rejestrów, regionów adresowych lub innych zasobów, ale nie zapobiega modyfikacji wartości bitu blokady po jego ustawieniu. Ta luka bezpieczeństwa pozwala na obejście zabezpieczeń poprzez zmianę stanu bitu blokady.

Description (EN)

The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.

Podatności CVE z CWE-1231 (3)
7.5
CVSS
HIGH
CVE-2024-36354

Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.

pub. 2025-09-06
6.7
CVSS
MEDIUM
CVE-2025-52536

Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.

pub. 2026-02-10
6.0
CVSS
MEDIUM
CVE-2022-42285

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering.

pub. 2023-01-13
Informacje
ID: CWE-1231
Typ: Base
Podatności: 3
MITRE CWE ↗
← Słownik CWE
CWE-1231 — Nieprawidłowa ochrona przed modyfikacją bitu blokady | Słownik CWE | CVEbaza.pl