VYPR

CWE-1274

Improper Access Control for Volatile Memory Containing Boot Code

BaseStable

Description

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-456 · CAPEC-679

CVEs mapped to this weakness (3)

  • CVE-2023-31345HigFeb 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

  • CVE-2025-29950HigFeb 10, 2026
    risk 0.46cvss epss 0.00

    Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.

  • CVE-2024-36345MedMay 15, 2026
    risk 0.30cvss epss 0.00

    Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.