CWE-1274
Improper Access Control for Volatile Memory Containing Boot Code
BaseStable
Description
The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-456 · CAPEC-679
CVEs mapped to this weakness (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-31345 | Hig | 0.49 | 7.5 | 0.00 | Feb 12, 2025 | Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. | |
| CVE-2025-29950 | Hig | 0.46 | — | 0.00 | Feb 10, 2026 | Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution. |