CWE-1222 — Vulnerability Class 1

1 vulnerability classified as CWE-1222. AI Chinese analysis included.

CWE-1222 represents a hardware design weakness where register locks protect overly broad address regions, creating a conflict between operational flexibility and security integrity. This flaw typically arises when a single control bit secures a large memory block, preventing necessary software modifications during runtime while the system is active. Attackers exploit this by leveraging the inability to update specific configurations, potentially causing denial of service or forcing the system into an insecure state if the lock cannot be properly managed. To mitigate this risk, developers must implement fine-grained locking mechanisms that isolate critical configuration registers from general operational memory. By defining precise, smaller address regions for individual lock controls, engineers ensure that essential updates can occur without compromising the security boundaries established during the boot process, thereby balancing functionality with robust protection.

MITRE CWE Description
The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process. Integrated circuits and hardware IPs can expose the device configuration controls that need to be programmed after device power reset by a trusted firmware or software module (commonly set by BIOS/bootloader) and then locked from any further modification. In hardware design, this is commonly implemented using a programmable lock bit which enables/disables writing to a protected set of registers or address regions. When the programmable lock bit is set, the relevant address region can be implemented as a hardcoded value in hardware logic that cannot be changed later. A problem can arise wherein the protected region definition is not granular enough. After the programmable lock bit has been set, then this new functionality cannot be implemented without change to the hardware design.
Common Consequences (1)
Access Control · Other
System security configuration cannot be defined in a way that does not conflict with functional requirements of device.
Mitigations (1)
Architecture and Design: The defining of protected locked registers should be reviewed or tested early in the design phase with software teams to ensure software flows are not blocked by the security locks. As an alternative to using register lock control bits and fixed access control regions, the hardware design could use programmable security access control configuration so that device trusted firmware can configure and…
Examples (1)
For example, consider a hardware unit with a 32 kilobyte configuration address space where the first 8 kilobytes contain security-sensitive controls that must only be writable by the device bootloader. One way to protect the security configuration could be to define a 32 bit system configuration locking register (SYS_LOCK) where each bit locks the corresponding 1 kilobyte region.
Address   Register
0x0000    SYS_LOCK: 32 bit system configuration lock register, each bit is write-1-once
0x0004    SECURITY_FEATURE_ENABLE: 32 bit register controlling enabling of security features
...
0x0310    SW_MODE: 32 bit Software Mode indication register

Address region     Lock bit
0x0000 - 0x03FF    SYS_LOCK[0]
0x0400 - 0x07FF    SYS_LOCK[1]
...
0x7C00 - 0x7FFF    SYS_LOCK[31]
Bad · Other
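The register map above, modelled in C as an added example (not part of the CWE entry or of any product's code): with one lock bit per 1 kilobyte region, setting SYS_LOCK[0] to protect SECURITY_FEATURE_ENABLE also freezes SW_MODE at 0x0310. The `fine` mode is a hypothetical per-register lock for comparison, and `dev_t`, `dev_write` and `boot_then_runtime` are names assumed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the example register map; not vendor code. */
#define CFG_BYTES               0x8000u  /* 32 KB configuration space */
#define SYS_LOCK                0x0000u
#define SECURITY_FEATURE_ENABLE 0x0004u
#define SW_MODE                 0x0310u

typedef struct {
    uint32_t reg[CFG_BYTES / 4];
    uint8_t  reg_locked[CFG_BYTES / 4]; /* hypothetical per-register locks */
    int      fine;                      /* 0: 1 KB per SYS_LOCK bit, 1: per-register */
} dev_t;

/* Returns 0 if the write lands, -1 if it is rejected. */
int dev_write(dev_t *d, uint32_t addr, uint32_t val) {
    if (addr >= CFG_BYTES || (addr & 3u)) return -1;
    if (addr == SYS_LOCK) {             /* write-1-once: bits can only be set */
        d->reg[0] |= val;
        return 0;
    }
    int locked = d->fine ? d->reg_locked[addr / 4]
                         : (int)((d->reg[0] >> (addr >> 10)) & 1u);
    if (locked) return -1;
    d->reg[addr / 4] = val;
    return 0;
}

/* Boot programs and locks the security config, then runtime software updates SW_MODE.
   Returns that write's result; *tamper gets a post-lock SECURITY_FEATURE_ENABLE write. */
int boot_then_runtime(int fine, int *tamper) {
    static dev_t d;
    memset(&d, 0, sizeof d);
    d.fine = fine;
    dev_write(&d, SECURITY_FEATURE_ENABLE, 0x1u);
    if (fine) d.reg_locked[SECURITY_FEATURE_ENABLE / 4] = 1;
    else      dev_write(&d, SYS_LOCK, 1u << 0);
    *tamper = dev_write(&d, SECURITY_FEATURE_ENABLE, 0x0u);
    return dev_write(&d, SW_MODE, 0x2u);
}

int main(void) {
    int t, r = boot_then_runtime(0, &t);
    printf("coarse: SW_MODE write=%d, tamper=%d\n", r, t);
    r = boot_then_runtime(1, &t);
    printf("fine:   SW_MODE write=%d, tamper=%d\n", r, t);
}
```

In both modes the post-lock write to SECURITY_FEATURE_ENABLE is rejected; only the 1 kilobyte granularity also rejects the runtime SW_MODE update.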
CVE ID | Title | CVSS | Severity | Published
CVE-2025-21283 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability — Microsoft Edge (Chromium-based) | 6.5 | Medium | 2025-02-06

Vulnerabilities classified as CWE-1222 represent 1 CVE. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.