
CWE-1260 — Vulnerability Class 11

11 vulnerabilities classified as CWE-1260.

CWE-1260 is a memory-protection weakness in which hardware or firmware allows protected address regions to overlap, so that hardware-enforced access controls can be bypassed. It typically arises when software is permitted to dynamically remap memory region definitions without validating that the new range does not intersect an existing protected region. An attacker exploits the flaw by supplying inputs that create an overlapping mapping, gaining unauthorized read or write access to privileged data or code that should remain isolated. The result can be privilege escalation, data leakage, or full system compromise. To prevent it, developers must validate every proposed change to a memory region definition and reject any remapping that overlaps a protected area. Static analysis and strict adherence to memory-safety guidelines further reduce the risk of unintended protection bypasses.

MITRE CWE Description
The product allows address regions to overlap, which can result in the bypassing of intended memory protection. Isolated memory regions and access control (read/write) policies are used by hardware to protect privileged software. Software components are often allowed to change or remap memory region definitions in order to enable flexible and dynamically changeable memory management by system software. If a software component running at lower privilege can program a memory address region to overlap with other memory regions used by software running at higher privilege, privilege escalation may be available to attackers. The memory protection unit (MPU) logic can incorrectly handle such an address overlap and allow the lower-privilege software to read or write into the protected memory region, resulting in privilege escalation attack. An address overlap weakness can also be used to launch a denial of service attack on the higher-privilege software memory regions.
Common Consequences (1)
Scope: Confidentiality, Integrity, Availability. Impact: Modify Memory, Read Memory, DoS: Instability.
Mitigations (2)
Phase: Architecture and Design. Ensure that memory regions are isolated as intended and that access control (read/write) policies are used by hardware to protect privileged software.
Phase: Implementation. For all of the programmable memory protection regions, the memory protection unit (MPU) design can define a priority scheme. For example: if three memory regions can be programmed (Region_0, Region_1, and Region_2), the design can enforce a priority scheme, such that, if a system address is within multiple regions, then the region with the lowest ID takes priority and the access-control policy of …
Effectiveness: High
Examples (2)
For example, consider a design with a 16-bit address that has two software privilege levels: Privileged_SW and Non_privileged_SW. To isolate the system memory regions accessible by these two privilege levels, the design supports three memory regions: Region_0, Region_1, and Region_2. Each region is defined by two 32-bit registers: its range and its access policy. Address_range[15:0]: specifies the…
Non_privileged_SW can program the Address_range register for Region_2 so that its address overlaps with the ranges defined by Region_0 or Region_1. Using this capability, it is possible for Non_privileged_SW to block any memory region from being accessed by Privileged_SW, i.e., Region_0 and Region_1.
Bad
Ensure that software accesses to memory regions are only permitted if all three filters permit access. Additionally, the scheme could define a memory region priority to ensure that Region_2 (the memory region defined by Non_privileged_SW) cannot overlap Region_0 or Region_1 (which are used by Privileged_SW).
Good
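The three-region MPU from the example above, modelled in C as an added illustration (this is not MITRE's code and not the design of any real MPU). It combines the two mitigations the page describes: a reprogramming check that refuses to let Non_privileged_SW make Region_2 overlap Region_0 or Region_1, and the lowest-ID-wins priority scheme from the Implementation mitigation, so that even a privileged-created overlap cannot let Region_2 override the privileged regions or block their owner. The register layout (a base/limit pair plus a policy word per region), the default-deny rule for uncovered addresses, and the sample memory layout in main() are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not MITRE's or the page's code: a software model of the
 * three-region, 16-bit-address MPU described above. The register layout
 * (base/limit pair plus a policy word) is an assumption for illustration. */

#define NUM_REGIONS     3
#define REGION_NONPRIV  2   /* Region_2: the only region Non_privileged_SW may program */

enum priv { NON_PRIVILEGED_SW = 0, PRIVILEGED_SW = 1 };

typedef struct {
    uint16_t base;      /* Address_range: first covered address */
    uint16_t limit;     /* Address_range: last covered address, inclusive */
    bool     enabled;
    bool     priv_only; /* Access_policy: only Privileged_SW may access */
    bool     writable;  /* Access_policy: writes allowed */
} region_t;

typedef struct { region_t r[NUM_REGIONS]; } mpu_t;

static bool ranges_overlap(uint16_t b0, uint16_t l0, uint16_t b1, uint16_t l1) {
    return b0 <= l1 && b1 <= l0;
}

/* Reprogram one region. Returns false, leaving the MPU untouched, when the
 * request breaks isolation: Non_privileged_SW may only program Region_2, and
 * Region_2 may never overlap an enabled region owned by Privileged_SW. */
bool mpu_program_region(mpu_t *m, enum priv who, int id,
                        uint16_t base, uint16_t limit,
                        bool priv_only, bool writable) {
    if (id < 0 || id >= NUM_REGIONS || base > limit) return false;
    if (who == NON_PRIVILEGED_SW) {
        if (id != REGION_NONPRIV) return false;
        for (int i = 0; i < NUM_REGIONS; i++) {
            if (i == id || !m->r[i].enabled) continue;
            if (ranges_overlap(base, limit, m->r[i].base, m->r[i].limit)) return false;
        }
        priv_only = false; /* lower-privilege software cannot mark a region privileged */
    }
    m->r[id] = (region_t){ base, limit, true, priv_only, writable };
    return true;
}

/* Access filter. Implements the priority scheme from the Implementation
 * mitigation: if an address lies in several regions, the lowest region ID
 * decides, so Region_2 can never override Region_0 or Region_1. Addresses
 * covered by no enabled region are denied (assumed default-deny). */
bool mpu_access_allowed(const mpu_t *m, enum priv who, uint16_t addr, bool is_write) {
    for (int i = 0; i < NUM_REGIONS; i++) {
        const region_t *r = &m->r[i];
        if (!r->enabled || addr < r->base || addr > r->limit) continue;
        if (r->priv_only && who != PRIVILEGED_SW) return false;
        if (is_write && !r->writable) return false;
        return true;
    }
    return false;
}

int main(void) {
    mpu_t m = {0};
    /* Privileged_SW sets up its two regions (constructed sample layout). */
    mpu_program_region(&m, PRIVILEGED_SW, 0, 0x0000, 0x3FFF, true, true);   /* privileged RAM */
    mpu_program_region(&m, PRIVILEGED_SW, 1, 0x4000, 0x7FFF, true, false);  /* privileged ROM */
    /* Non_privileged_SW gets a disjoint Region_2 ... */
    bool ok  = mpu_program_region(&m, NON_PRIVILEGED_SW, 2, 0x8000, 0xFFFF, false, true);
    /* ... and is refused when it tries to stretch Region_2 over Region_0. */
    bool bad = mpu_program_region(&m, NON_PRIVILEGED_SW, 2, 0x0000, 0xFFFF, false, true);
    printf("disjoint Region_2 accepted: %d, overlapping Region_2 rejected: %d\n", ok, !bad);
    printf("Privileged_SW read 0x1000: %d, Non_privileged_SW read 0x1000: %d\n",
           mpu_access_allowed(&m, PRIVILEGED_SW, 0x1000, false),
           mpu_access_allowed(&m, NON_PRIVILEGED_SW, 0x1000, false));
    return 0;
}
```

The two checks are deliberately redundant: the overlap rejection in mpu_program_region stops the denial-of-service case (Region_2 shadowing a privileged region), while the priority walk in mpu_access_allowed means that a region-overlap which slips past the programming path, or is created by privileged software itself, still cannot grant Non_privileged_SW access to Region_0 or Region_1.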
The example code below is taken from the IOMMU controller module of the HACK@DAC'19 buggy CVA6 SoC [REF-1338]. The static memory map is composed of a set of Memory-Mapped Input/Output (MMIO) regions covering different IP agents within the SoC. Each region is defined by two 64-bit variables representing the base address and size of the memory region (XXXBase and XXXLength).
...
localparam logic[63:0] PLICLength = 64'h03FF_FFFF;
localparam logic[63:0] UARTLength = 64'h0011_1000;   // UART span reaches 64'h1011_0FFF and covers AESBase (64'h1010_0000): the regions overlap
localparam logic[63:0] AESLength  = 64'h0000_1000;
localparam logic[63:0] SPILength  = 64'h0080_0000;
...
typedef enum logic [63:0] {
  ...
  PLICBase = 64'h0C00_0000,
  UARTBase = 64'h1000_0000,
  AESBase  = 64'h1010_0000,
  SPIBase  = 64'h2000_0000,
  ...
Bad · Verilog
...
localparam logic[63:0] PLICLength = 64'h03FF_FFFF;
localparam logic[63:0] UARTLength = 64'h0000_1000;   // UART now spans 64'h1000_0000..64'h1000_0FFF, below AESBase: no overlap
localparam logic[63:0] AESLength  = 64'h0000_1000;
localparam logic[63:0] SPILength  = 64'h0080_0000;
...
typedef enum logic [63:0] {
  ...
  PLICBase = 64'h0C00_0000,
  UARTBase = 64'h1000_0000,
  AESBase  = 64'h1010_0000,
  SPIBase  = 64'h2000_0000,
  ...
Good · Verilog
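The static-map defect above is the kind that a host-side check over the generated memory map catches before synthesis. The following C program is an added example, not part of the CVA6 or HACK@DAC'19 sources: it takes the Base/Length pairs quoted from the Verilog (underscores dropped, values unchanged), checks every pair of regions for intersection, and flags the "Bad" map while passing the "Good" one. Treating a region as covering Base .. Base+Length-1 is an assumption; an inclusive Base+Length end gives the same verdict for these maps. The zero-length and 64-bit wrap-around guard is also an assumption, added because either would make the overlap arithmetic silently wrong.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not part of the CVA6 / HACK@DAC'19 code: a host-side check
 * that a static MMIO map has no overlapping regions. Base/Length values are
 * the ones quoted from the Verilog above; the Base .. Base+Length-1 span is
 * an assumption. */

typedef struct { const char *name; uint64_t base; uint64_t length; } mmio_region_t;

/* "Bad" map: UARTLength = 64'h0011_1000 pushes UART past AESBase. */
static const mmio_region_t bad_map[] = {
    { "PLIC", 0x0C000000ULL, 0x03FFFFFFULL },
    { "UART", 0x10000000ULL, 0x00111000ULL },
    { "AES",  0x10100000ULL, 0x00001000ULL },
    { "SPI",  0x20000000ULL, 0x00800000ULL },
};
/* "Good" map: UARTLength = 64'h0000_1000. */
static const mmio_region_t good_map[] = {
    { "PLIC", 0x0C000000ULL, 0x03FFFFFFULL },
    { "UART", 0x10000000ULL, 0x00001000ULL },
    { "AES",  0x10100000ULL, 0x00001000ULL },
    { "SPI",  0x20000000ULL, 0x00800000ULL },
};
#define MAP_LEN(m) (sizeof(m) / sizeof((m)[0]))

/* Last address of a region, inclusive. Fails on zero length or 64-bit wrap,
 * both of which would silently break the overlap arithmetic. */
static bool region_end(const mmio_region_t *r, uint64_t *end) {
    if (r->length == 0 || r->base > UINT64_MAX - (r->length - 1)) return false;
    *end = r->base + r->length - 1;
    return true;
}

/* Returns the number of problems found (overlapping pairs plus malformed
 * entries); 0 means the map is clean. The first overlapping pair is reported
 * through first_a/first_b when they are non-NULL. */
int count_map_overlaps(const mmio_region_t *map, size_t n,
                       const char **first_a, const char **first_b) {
    int found = 0;
    bool reported = false;
    for (size_t i = 0; i < n; i++) {
        uint64_t end_i;
        if (!region_end(&map[i], &end_i)) { found++; continue; }
        for (size_t j = i + 1; j < n; j++) {
            uint64_t end_j;
            if (!region_end(&map[j], &end_j)) continue;   /* counted when j is the outer index */
            if (map[i].base <= end_j && map[j].base <= end_i) {
                if (!reported && first_a && first_b) {
                    *first_a = map[i].name;
                    *first_b = map[j].name;
                    reported = true;
                }
                found++;
            }
        }
    }
    return found;
}

int main(void) {
    const char *a = "", *b = "";
    int n = count_map_overlaps(bad_map, MAP_LEN(bad_map), &a, &b);
    printf("bad map:  %d problem(s), first overlapping pair: %s / %s\n", n, a, b);
    printf("good map: %d problem(s)\n",
           count_map_overlaps(good_map, MAP_LEN(good_map), NULL, NULL));
    return 0;
}
```

Running the check over the two maps reports one overlapping pair (UART / AES) for the "Bad" map and none for the "Good" map; the same routine can be fed the full generated map of a design rather than the four regions quoted here.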

Vulnerabilities classified as CWE-1260 represent 11 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.