
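CWE-1260 Vulnerability List (11)

A summary of the 11 CVE vulnerabilities filed under weakness CWE-1260, with AI-generated analysis in Chinese.

CWE-1260 is a memory-protection bypass weakness. When a product allows protected memory regions to overlap, hardware isolation and access-control policies can be broken. Attackers typically exploit this flaw by constructing overlapping address ranges to evade read/write restrictions and so read or modify sensitive data that should be protected. Developers should avoid creating region conflicts when dynamically remapping memory and should keep memory boundaries clear and non-overlapping to preserve the system's security isolation.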

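MITRE CWE official description
CWE: CWE-1260 Improper Handling of Overlap Between Protected Memory Regions
Description: The product allows address regions to overlap, which can result in the bypassing of intended memory protection. Isolated memory regions and access control (read/write) policies are used by hardware to protect privileged software. Software components are often allowed to change or remap memory region definitions in order to enable flexible and dynamically changeable memory management by system software. If a software component running at lower privilege can program a memory address region to overlap with other memory regions used by software running at higher privilege, privilege escalation may be available to attackers. The memory protection unit (MPU) logic can incorrectly handle such an address overlap and allow the lower-privilege software to read or write into the protected memory region, resulting in a privilege escalation attack. An address overlap weakness can also be used to launch a denial of service attack on the higher-privilege software memory regions.
Common consequences (1)
Confidentiality, Integrity, Availability: Modify Memory, Read Memory, DoS: Instability
Mitigations (2)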
Architecture and Design: Ensure that memory regions are isolated as intended and that access control (read/write) policies are used by hardware to protect privileged software.
Implementation: For all of the programmable memory protection regions, the memory protection unit (MPU) design can define a priority scheme. For example: if three memory regions can be programmed (Region_0, Region_1, and Region_2), the design can enforce a priority scheme, such that, if a system address is within multiple regions, then the region with the lowest ID takes priority and the access-control policy of …
Effectiveness: High
Code examples (2)
For example, consider a design with a 16-bit address that has two software privilege levels: Privileged_SW and Non_privileged_SW. To isolate the system memory regions accessible by these two privilege levels, the design supports three memory regions: Region_0, Region_1, and Region_2. Each region is defined by two 32 bit registers: its range and its access policy. Address_range[15:0]: specifies the…
Non_privileged_SW can program the Address_range register for Region_2 so that its address overlaps with the ranges defined by Region_0 or Region_1. Using this capability, it is possible for Non_privileged_SW to block any memory region from being accessed by Privileged_SW, i.e., Region_0 and Region_1.
Bad
Ensure that software accesses to memory regions are only permitted if all three filters permit access. Additionally, the scheme could define a memory region priority to ensure that Region_2 (the memory region defined by Non_privileged_SW) cannot overlap Region_0 or Region_1 (which are used by Privileged_SW).
Good
The example code below is taken from the IOMMU controller module of the HACK@DAC'19 buggy CVA6 SoC [REF-1338]. The static memory map is composed of a set of Memory-Mapped Input/Output (MMIO) regions covering different IP agents within the SoC. Each region is defined by two 64-bit variables representing the base address and size of the memory region (XXXBase and XXXLength).
...
localparam logic[63:0] PLICLength = 64'h03FF_FFFF;
localparam logic[63:0] UARTLength = 64'h0011_1000;
localparam logic[63:0] AESLength = 64'h0000_1000;
localparam logic[63:0] SPILength = 64'h0080_0000;
...
typedef enum logic [63:0] {
    ...
    PLICBase = 64'h0C00_0000,
    UARTBase = 64'h1000_0000,
    AESBase = 64'h1010_0000,
    SPIBase = 64'h2000_0000,
    ...
Bad · Verilog
...
localparam logic[63:0] PLICLength = 64'h03FF_FFFF;
localparam logic[63:0] UARTLength = 64'h0000_1000;
localparam logic[63:0] AESLength = 64'h0000_1000;
localparam logic[63:0] SPILength = 64'h0080_0000;
...
typedef enum logic [63:0] {
    ...
    PLICBase = 64'h0C00_0000,
    UARTBase = 64'h1000_0000,
    AESBase = 64'h1010_0000,
    SPIBase = 64'h2000_0000,
    ...
Good · Verilog
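The two listings above differ only in UARTLength. The following check is an added example, not code from MITRE or the CVA6 project: it parses the XXXBase/XXXLength constants shown on this page and reports every pair of regions whose address ranges intersect, which generalizes the single UART/AES case to any static memory map. It assumes a region spans Base up to (but not including) Base + Length; the names parse_regions and find_overlaps are hypothetical.

```python
import re
from itertools import combinations

# Constructed input: the constants quoted on this page ("Bad" variant).
BAD_MAP = """
localparam logic[63:0] PLICLength = 64'h03FF_FFFF;
localparam logic[63:0] UARTLength = 64'h0011_1000;
localparam logic[63:0] AESLength = 64'h0000_1000;
localparam logic[63:0] SPILength = 64'h0080_0000;
PLICBase = 64'h0C00_0000,
UARTBase = 64'h1000_0000,
AESBase = 64'h1010_0000,
SPIBase = 64'h2000_0000,
"""
# "Good" variant from the page: only UARTLength differs.
GOOD_MAP = BAD_MAP.replace("UARTLength = 64'h0011_1000", "UARTLength = 64'h0000_1000")

# Matches "<Name>Base = 64'h..." and "<Name>Length = 64'h..." assignments.
_ASSIGN = re.compile(r"\b(\w+?)(Base|Length)\s*=\s*\d+'h([0-9A-Fa-f_]+)")

def parse_regions(sv_text):
    """Return {name: (start, end)}, end exclusive. Assumption: end = Base + Length."""
    fields = {}
    for name, kind, hexval in _ASSIGN.findall(sv_text):
        fields.setdefault(name, {})[kind] = int(hexval.replace("_", ""), 16)
    incomplete = sorted(n for n, f in fields.items() if len(f) != 2)
    if incomplete:
        # A region with only a base or only a length cannot be checked; fail loudly.
        raise ValueError(f"regions missing Base or Length: {incomplete}")
    return {n: (f["Base"], f["Base"] + f["Length"]) for n, f in fields.items()}

def find_overlaps(regions):
    """Return [(name_a, name_b, first_shared_addr, last_shared_addr)], sorted by name."""
    hits = []
    for (a, (a0, a1)), (b, (b0, b1)) in combinations(sorted(regions.items()), 2):
        lo, hi = max(a0, b0), min(a1, b1)
        if lo < hi:  # half-open intervals intersect
            hits.append((a, b, lo, hi - 1))
    return hits

if __name__ == "__main__":
    for label, text in (("bad", BAD_MAP), ("good", GOOD_MAP)):
        found = find_overlaps(parse_regions(text))
        print(label, [(a, b, hex(lo), hex(hi)) for a, b, lo, hi in found] or "no overlaps")
```

Run against the "Bad" constants, the check flags the UART window as covering the whole AES region; a check like this can gate changes to the memory-map package in CI.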
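| CVE ID | Title | CVSS | Risk level | Published |
| --- | --- | --- | --- | --- |
| CVE-2018-25240 | Watchr security vulnerability — Watchr | 6.2 | Medium | 2026-04-04 |
| CVE-2018-25238 | VSCO security vulnerability — VSCO | 6.2 | Medium | 2026-04-04 |
| CVE-2019-25602 | GSearch security vulnerability — GSearch | 5.5 | Medium | 2026-03-22 |
| CVE-2019-25592 | XLineSoft PHPRunner security vulnerability — PHPRunner | 6.2 | Medium | 2026-03-22 |
| CVE-2019-25585 | Deluge security vulnerability — Deluge | 6.2 | Medium | 2026-03-22 |
| CVE-2019-25572 | NordVPN security vulnerability — NordVPN | 6.2 | Medium | 2026-03-21 |
| CVE-2019-25570 | RealTerm Serial Terminal security vulnerability — RealTerm: Serial Terminal | 5.5 | Medium | 2026-03-21 |
| CVE-2019-25559 | Nsasoft SpotPaltalk security vulnerability — SpotPaltalk | 5.5 | Medium | 2026-03-21 |
| CVE-2025-0012 | AMD EPYC security vulnerability — AMD EPYC™ 9005 Series Processors | 8.1 (AI) | High (AI) | 2026-02-10 |
| CVE-2025-29948 | AMD EPYC Processor security vulnerability — AMD EPYC™ 9005 Series Processors | 7.1 (AI) | High (AI) | 2026-02-10 |
| CVE-2022-27813 | Motorola MTM5000 security vulnerability — Mobile Radio | 8.1 | High | 2023-10-19 |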

CWE-1260 is a common weakness category; this platform lists 11 CVE vulnerabilities associated with it.