Variant · Incomplete

CWE-1222: Insufficient Granularity of Address Regions Protected by Register Locks

Category: other

Description

The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process.

Common consequences · 1

  • Access Control — Other
    System security configuration cannot be defined in a way that does not conflict with the functional requirements of the device.

Potential mitigations · 1

  • [Architecture and Design]

Related CAPEC attack patterns · 1

CAPEC-679

References

  1. https://cwe.mitre.org/data/definitions/1222.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Exploitation of Improperly Configured or Implemented Memory Protections (capec-679) | 100% | live

(incoming) · 1

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-21283 (cve-2025-21283) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE — Improper Prevention of Lock Bit Modification
  • CWE — Security-Sensitive Hardware Controls with Missing Lock Bit Protection
  • CWE — Improper Access Control for Register Interface
  • CWE — Improper Restriction of Software Interfaces to Hardware Features
  • CWE — Improper Write Handling in Limited-write Non-Volatile Memories
  • CWE — Improper Access Control for Volatile Memory Containing Boot Code

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.