CVEbaza.plSłownik CWECWE-1262
Common Weakness Enumeration

CWE-1262

Improper Access Control for Register Interface

Kategoria: BaseCVE: 10
Opis

Produkt używa rejestrów I/O mapowanych w pamięci, które działają jako interfejs do funkcjonalności sprzętu z poziomu oprogramowania, ale istnieje niewłaściwa kontrola dostępu do tych rejestrów. Brak odpowiednich mechanizmów zabezpieczających może prowadzić do nieautoryzowanego dostępu lub modyfikacji krytycznych ustawień sprzętu.

Description (EN)

The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.

Podatności CVE z CWE-1262 (10)
8.7
CVSS
HIGH
CVE-2022-23005

Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers.

pub. 2023-01-23
7.9
CVSS
HIGH
CVE-2023-20599

Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading to loss of integrity or confidentiality.

pub. 2025-06-10
7.8
CVSS
HIGH
CVE-2025-47385

Memory Corruption when accessing trusted execution environment without proper privilege check.

pub. 2026-03-02
7.2
CVSS
HIGH
CVE-2024-6354

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard.

pub. 2024-06-26
6.5
CVSS
MEDIUM
CVE-2024-45556

Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.

pub. 2025-04-07
5.5
CVSS
MEDIUM
CVE-2024-57492

An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page funciton.

pub. 2025-03-10
4.4
CVSS
MEDIUM
CVE-2025-20788

In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.

pub. 2025-12-02
4.0
CVSS
MEDIUM
CVE-2025-54509

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.

pub. 2026-06-09
2.8
CVSS
LOW
CVE-2025-36194

IBM PowerVM Hypervisor FW1110.00 do FW1110.03, FW1060.00 do FW1060.51 oraz FW950.00 do FW950.F0 mogą ujawnić ograniczoną ilość danych partycji równorzędnej w określonych konfiguracjach współdzielonych procesorów podczas pewnych operacji.

pub. 2026-02-02
2.3
CVSS
LOW
CVE-2025-1882

A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control for register interface. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.

pub. 2025-03-03
Informacje
ID: CWE-1262
Typ: Base
Podatności: 10
MITRE CWE ↗
← Słownik CWE