CVEbaza.plCWE DictionaryCWE-1274
Common Weakness Enumeration

CWE-1274

Improper Access Control for Volatile Memory Containing Boot Code

Category: BaseCVE: 10
Description

The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.

CVE vulnerabilities with CWE-1274 (10)
8.4
CVSS
HIGH
CVE-2022-2482

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

pub. 2023-01-06
8.4
CVSS
HIGH
CVE-2022-2484

The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.

pub. 2023-01-06
7.5
CVSS
HIGH
CVE-2025-59404

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.

pub. 2025-09-25
7.5
CVSS
HIGH
CVE-2023-31345

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.

pub. 2025-02-12
7.1
CVSS
HIGH
CVE-2025-29950

Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.

pub. 2026-02-10
6.8
CVSS
MEDIUM
CVE-2025-59694

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03.

pub. 2025-12-02
6.1
CVSS
MEDIUM
CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.

pub. 2026-01-14
6.1
CVSS
MEDIUM
CVE-2025-4043

An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.

pub. 2025-05-07
4.6
CVSS
MEDIUM
CVE-2024-36345

Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.

pub. 2026-05-15
Information
ID: CWE-1274
Type: Base
Vulnerabilities: 10
MITRE CWE ↗
← CWE Dictionary