CWE-1274 — Vulnerability Class 5

5 vulnerabilities classified as CWE-1274. AI Chinese analysis included.

CWE-1274 represents a critical access control weakness where volatile memory holding boot code lacks sufficient protection during the secure-boot process. This vulnerability typically arises when bootloader code is transferred from non-volatile to volatile memory without adequate integrity checks or isolation mechanisms. Adversaries exploit this gap by bypassing secure-boot verification, allowing them to inject and execute malicious, untrusted code before the operating system initializes. Such attacks can lead to full system compromise, rootkit installation, or persistent malware that survives reboots. To prevent this, developers must implement strict memory protection schemes, such as hardware-enforced read-only permissions or cryptographic verification of code integrity in volatile storage. Additionally, utilizing trusted platform modules and ensuring that the secure-boot chain validates every stage of execution helps maintain system trust and prevents unauthorized code execution during the critical boot phase.

MITRE CWE Description
The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory. Adversaries could bypass the secure-boot process and execute their own untrusted, malicious boot code. As a part of a secure-boot process, the read-only-memory (ROM) code for a System-on-Chip (SoC) or other system fetches bootloader code from Non-Volatile Memory (NVM) and stores the code in Volatile Memory (VM), such as dynamic, random-access memory (DRAM) or static, random-access memory (SRAM). The NVM is usually external to the SoC, while the VM is internal to the SoC. As the code is transferred from NVM to VM, it is authenticated by the SoC's ROM code.
Common Consequences (1)
Access Control, Integrity: Modify Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity
If the volatile-memory-region protections or access controls are insufficient to prevent modifications from an adversary or untrusted agent, the secure boot may be bypassed or replaced with the execution of an adversary's code.
Mitigations (2)
Architecture and Design: Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code.
Testing: Test the volatile-memory protections to ensure they are safe from modification or untrusted code.
Examples (1)
A typical SoC secure boot's flow includes fetching the next piece of code (i.e., the boot loader) from NVM (e.g., serial, peripheral interface (SPI) flash), and transferring it to DRAM/SRAM volatile, internal memory, which is more efficient.
Bad (Other): The volatile-memory protections or access controls are insufficient.
Good (Other): A good architecture should define appropriate protections or access controls to prevent modification by an adversary or untrusted agent, once the bootloader is authenticated.
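The bad and good designs above, modelled as a small C simulation of the ROM boot flow (an added example, not MITRE's or any vendor's code). The `vm_region` struct, its `write_locked` flag, the FNV-1a digest standing in for the ROM's signature check, and the image bytes are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMG_LEN 16

/* Constructed model of on-chip SRAM; write_locked stands for a hardware region lock. */
typedef struct { uint8_t data[IMG_LEN]; bool write_locked; } vm_region;

/* Toy FNV-1a digest, a stand-in for the ROM's real signature verification. */
static uint32_t digest(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* A write from any agent other than the ROM code (DMA engine, another core). */
static bool untrusted_write(vm_region *vm, size_t off, uint8_t val) {
    if (vm->write_locked || off >= IMG_LEN) return false; /* rejected by the lock */
    vm->data[off] = val;
    return true;
}

/* ROM flow: copy NVM -> VM, authenticate, hand off.
 * lock_before_auth == false models CWE-1274; true models the protected design.
 * Returns true only if the bytes that would execute still match the trusted digest. */
static bool rom_boot(const uint8_t *nvm, uint32_t trusted, bool lock_before_auth) {
    vm_region vm = { .write_locked = false };
    memcpy(vm.data, nvm, IMG_LEN);
    if (lock_before_auth) vm.write_locked = true;          /* protect, then verify */
    if (digest(vm.data, IMG_LEN) != trusted) return false; /* authentication fails */
    (void)untrusted_write(&vm, 0, 0xFF);  /* modification attempt after the check */
    return digest(vm.data, IMG_LEN) == trusted;            /* what actually runs */
}

static const uint8_t NVM_IMAGE[IMG_LEN] = "BOOTLOADER-v1.0"; /* constructed image */

bool weak_design_runs_trusted_code(void) { return rom_boot(NVM_IMAGE, digest(NVM_IMAGE, IMG_LEN), false); }
bool hardened_design_runs_trusted_code(void) { return rom_boot(NVM_IMAGE, digest(NVM_IMAGE, IMG_LEN), true); }

int main(void) {
    printf("unprotected VM runs authenticated code: %d\n", weak_design_runs_trusted_code());
    printf("locked VM runs authenticated code:      %d\n", hardened_design_runs_trusted_code());
    return 0;
}
```

Both runs pass authentication; only the locked region guarantees that the authenticated bytes are the ones that execute, which is the property the Testing mitigation should check.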
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-29950 | AMD multiple products security vulnerability — AMD EPYC™ 9004 Series Processors | 6.7 (AI) | Medium (AI) | 2026-02-10 |
| CVE-2025-4043 | Milesight UG65-868M-EA Improper Access Control for Volatile Memory Containing Boot Code — UG65-868M-EA | 6.8 | Medium | 2025-05-07 |
| CVE-2023-31345 | AMD Server Processor input validation error vulnerability — AMD EPYC™ 7003 Processors | 7.5 | High | 2025-02-11 |
| CVE-2022-2484 | Nokia ASIK AirScale 5G Common System Module security vulnerability — ASIK AirScale | 8.4 | High | 2023-01-06 |
| CVE-2022-2482 | Nokia ASIK AirScale 5G Common System Module security vulnerability — ASIK AirScale | 8.4 | High | 2023-01-06 |

Vulnerabilities classified as CWE-1274 represent 5 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.