CWE-1262 — Vulnerability Class 6

6 vulnerabilities classified as CWE-1262. AI Chinese analysis included.

CWE-1262 represents a critical access control weakness where software improperly manages permissions for memory-mapped I/O registers, which serve as the primary interface between software and hardware peripherals in System-on-Chip architectures. This vulnerability typically arises when security-critical registers lack adequate restrictions, allowing malicious or compromised applications to tamper with hardware data directly. Attackers exploit this by reading sensitive configuration states or writing unauthorized commands to modify hardware behavior, potentially bypassing security mechanisms or causing system instability. To prevent such exploits, developers must implement strict access control lists and privilege separation models for register interfaces. This involves ensuring that only trusted, high-privilege components can access sensitive registers, and using hardware-enforced memory protection units to isolate critical hardware functions from untrusted software contexts, thereby maintaining system integrity and confidentiality.

MITRE CWE Description
The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers. Software commonly accesses peripherals in a System-on-Chip (SoC) or other device through a memory-mapped register interface. Malicious software could tamper with any security-critical hardware data that is accessible directly or indirectly through the register interface, which could lead to a loss of confidentiality and integrity.
Common Consequences (1)
Scope: Confidentiality, Integrity. Impact: Read Memory, Read Application Data, Modify Memory, Modify Application Data, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Unexpected State, Alter Execution Logic
Confidentiality of hardware assets may be violated if the protected information can be read out by software through the register interface. Registers storing security state, settings, other security-critical data may be corruptible by software without correctly implemented protections.
Mitigations (2)
Architecture and Design: Design proper policies for hardware register access from software.
Implementation: Ensure that access control policies for register access are implemented in accordance with the specified design.
Examples (2)
The register interface provides software access to hardware functionality. This functionality is an attack surface. This attack surface may be used to run untrusted code on the system through the register interface. As an example, cryptographic accelerators require a mechanism for software to select modes of operation and to provide plaintext or ciphertext data to be encrypted or decrypted as well…
Bad · Other
Cryptographic key material stored in registers inside the cryptographic accelerator can be accessed by software.
Good · Other
Key material stored in registers should never be accessible to software. Even if software can provide a key, all read-back paths to software should be disabled.
The example code is taken from the Control/Status Register (CSR) module inside the processor core of the HACK@DAC'19 buggy CVA6 SoC [REF-1340]. In RISC-V ISA [REF-1341], the CSR file contains different sets of registers with different privilege levels, e.g., user mode (U), supervisor mode (S), hypervisor mode (H), machine mode (M), and debug mode (D), with different read-write policies, read-only …
Bad · Verilog
```verilog
if (csr_we || csr_read) begin
    // privilege check; accesses to CSR_MEPC are exempted from it
    if ((riscv::priv_lvl_t'(priv_lvl_o & csr_addr.csr_decode.priv_lvl) != csr_addr.csr_decode.priv_lvl) && !(csr_addr.address==riscv::CSR_MEPC)) begin
        csr_exception_o.cause = riscv::ILLEGAL_INSTR;
        csr_exception_o.valid = 1'b1;
    end
    // check access to debug mode only CSRs
    if (csr_addr_i[11:4] == 8'h7b && !debug_mode_q) begin
        csr_exception_o.cause = riscv::ILLEGAL_INSTR;
        csr_exception_o.valid = 1'b1;
    end
end
```
Good · Verilog
```verilog
if (csr_we || csr_read) begin
    // privilege check applies to every CSR, with no per-register exemption
    if ((riscv::priv_lvl_t'(priv_lvl_o & csr_addr.csr_decode.priv_lvl) != csr_addr.csr_decode.priv_lvl)) begin
        csr_exception_o.cause = riscv::ILLEGAL_INSTR;
        csr_exception_o.valid = 1'b1;
    end
    // check access to debug mode only CSRs
    if (csr_addr_i[11:4] == 8'h7b && !debug_mode_q) begin
        csr_exception_o.cause = riscv::ILLEGAL_INSTR;
        csr_exception_o.valid = 1'b1;
    end
end
```
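An added example, not part of the original page or the CVA6 sources: a C model of the two CSR checks that sweeps every 12-bit CSR address at U, S and M privilege and counts accesses granted below the privilege encoded in address bits [9:8]. The function names are hypothetical; the value `CSR_MEPC = 0x341` and the 2-bit privilege encodings are taken from the RISC-V privileged specification, not from the page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define CSR_MEPC 0x341u /* mepc address, RISC-V privileged spec (assumption) */
enum { PRIV_U = 0, PRIV_S = 1, PRIV_M = 3 }; /* 2-bit privilege encodings */

/* Lowest privilege allowed to touch a CSR: address bits [9:8]. */
static unsigned csr_min_priv(uint16_t addr) { return (addr >> 8) & 3u; }

/* Debug-only CSRs (addr[11:4] == 0x7b) trap outside debug mode. */
static bool debug_csr_blocked(uint16_t addr, bool debug_mode) {
    return ((addr >> 4) & 0xffu) == 0x7bu && !debug_mode;
}

/* Model of the "Bad" check: true means no exception is raised. */
static bool csr_access_ok_bad(unsigned priv, uint16_t addr, bool debug_mode) {
    unsigned need = csr_min_priv(addr);
    bool exc = ((priv & need) != need) && !(addr == CSR_MEPC);
    return !(exc || debug_csr_blocked(addr, debug_mode));
}

/* Model of the "Good" check: no per-register exemption. */
static bool csr_access_ok_good(unsigned priv, uint16_t addr, bool debug_mode) {
    unsigned need = csr_min_priv(addr);
    bool exc = (priv & need) != need;
    return !(exc || debug_csr_blocked(addr, debug_mode));
}

typedef bool (*csr_check_fn)(unsigned, uint16_t, bool);
/* Sweep 4096 addresses at U/S/M; count under-privileged accesses granted. */
static int count_priv_violations(csr_check_fn check, uint16_t *first) {
    static const unsigned levels[] = { PRIV_U, PRIV_S, PRIV_M };
    int n = 0;
    for (int i = 0; i < 3; i++)
        for (unsigned a = 0; a < 0x1000u; a++)
            if (levels[i] < csr_min_priv((uint16_t)a) &&
                check(levels[i], (uint16_t)a, false)) {
                if (n++ == 0 && first) *first = (uint16_t)a;
            }
    return n;
}

int main(void) {
    uint16_t first = 0;
    int bad = count_priv_violations(csr_access_ok_bad, &first);
    int good = count_priv_violations(csr_access_ok_good, NULL);
    printf("bad: %d (first 0x%03x), good: %d\n", bad, (unsigned)first, good);
    return 0;
}
```

An exhaustive sweep like this is cheap because the CSR address space is only 12 bits wide, so the same policy oracle can be reused as a regression check whenever the access logic changes.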
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47385 | Improper Access Control for Register Interface in SCE-Mink — Snapdragon | 7.8 | High | 2026-03-02 |
| CVE-2025-36194 | This Power System update is being released to address — PowerVM Hypervisor | 2.8 | Low | 2026-02-02 |
| CVE-2025-20788 | MediaTek Chipsets security vulnerability — MT6991, MT8196 | 5.0 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2023-20599 | AMD EPYC security vulnerability — AMD EPYC™ 7002 Series Processors | 7.9 | High | 2025-06-10 |
| CVE-2024-45556 | Improper Access Control for Register Interface in TZ Firmware — Snapdragon | 6.5 | Medium | 2025-04-07 |
| CVE-2025-1882 | i-Drive i11/i12 Device Setting improper access control for register interface — i11 | 5.0 | Medium | 2025-03-03 |

6 CVEs are classified as CWE-1262. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.