CWE-591 (Sensitive Data Storage in Improperly Locked Memory) — Vulnerability Class 73

73 vulnerabilities classified as CWE-591 (Sensitive Data Storage in Improperly Locked Memory). AI Chinese analysis included.

CWE-591 represents a critical data exposure weakness where applications store sensitive information in memory regions that are not properly locked or are incorrectly managed by the operating system’s virtual memory manager. This oversight allows the system to swap these memory pages to disk storage, such as swap files or hibernation files, rendering the confidential data accessible to external actors who gain physical or administrative access to the storage medium. Attackers typically exploit this by analyzing disk dumps or swap files to retrieve plaintext secrets like passwords or cryptographic keys. To mitigate this risk, developers must explicitly lock sensitive memory pages using platform-specific APIs, such as VirtualLock on Windows or mlock on Unix-like systems, ensuring that critical data remains strictly in physical RAM and is never written to persistent storage, thereby preventing unauthorized recovery after the application releases the memory.

MITRE CWE Description
The product stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors. On Windows systems the VirtualLock function can lock a page of memory to ensure that it will remain present in memory and not be swapped to disk. However, on older versions of Windows, such as 95, 98, or Me, the VirtualLock() function is only a stub and provides no protection. On POSIX systems the mlock() call ensures that a page will stay resident in memory but does not guarantee that the page will not appear in the swap. Therefore, it is unsuitable for use as a protection mechanism for sensitive data. Some platforms, in particular Linux, do make the guarantee that the page will not be swapped, but this is non-standard and is not portable. Calls to mlock() also require supervisor privilege. Return values for both of these calls must be checked to ensure that the lock operation was actually successful.
Common Consequences (1)
Confidentiality: Read Application Data, Read Memory
Sensitive data that is written to a swap file may be exposed.
Mitigations (2)
Architecture and Design: Identify data that needs to be protected from swapping and choose platform-appropriate protection mechanisms.
Implementation: Check return values to ensure locking operations are successful.
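
The two mitigations above applied on Linux, as an added example (not code from MITRE or this site): the secret lives in whole pages, the lock call's return value is checked, and allocation fails closed when locking fails. The names `lock_fn`, `lock_denied`, `secret_span`, `secret_alloc` and `secret_free` are hypothetical, and the code assumes Linux, where locked pages are not swapped; as the description notes, POSIX alone does not give that guarantee.

```c
#define _DEFAULT_SOURCE              /* exposes MAP_ANONYMOUS on glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
typedef int (*lock_fn)(const void *addr, size_t len);   /* same shape as mlock() */
/* Constructed stand-in for a lock call that fails (limit exceeded, no privilege). */
int lock_denied(const void *addr, size_t len) {
    (void)addr; (void)len; errno = EPERM;
    return -1;
}

/* Locking is per page, so round the request up to whole pages. */
size_t secret_span(size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return (len + page - 1) / page * page;
}

/* Returns a locked region, or NULL: callers must not fall back to plain malloc(). */
void *secret_alloc(size_t len, lock_fn lock) {
    size_t span = secret_span(len);
    void *p = mmap(NULL, span, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (lock(p, span) != 0) {            /* the return-value check the CWE asks for */
        int saved = errno;
        munmap(p, span);
        errno = saved;                   /* report why locking failed */
        return NULL;
    }
    return p;
}

/* Wipe while the pages are still locked, then unlock and unmap. */
int secret_free(void *p, size_t len) {
    size_t span = secret_span(len);
    volatile unsigned char *v = p;
    for (size_t i = 0; i < span; i++) v[i] = 0;   /* volatile: wipe is not elided */
    if (munlock(p, span) != 0) return -1;
    return munmap(p, span);
}

int main(void) {
    char *key = secret_alloc(32, mlock);
    if (!key) { perror("secret_alloc"); return 1; }   /* refuse to load the secret */
    memcpy(key, "constructed-sample-key", 23);        /* constructed sample value */
    return secret_free(key, 32) == 0 ? 0 : 1;
}
```

Passing `lock_denied` instead of `mlock` exercises the failure path without changing `RLIMIT_MEMLOCK` on the host.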
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-28229 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.0 | High | 2023-04-11 |
| CVE-2023-28224 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability — Windows 10 Version 1809 | 7.1 | High | 2023-04-11 |
| CVE-2023-28220 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability — Windows 10 Version 1809 | 8.1 | High | 2023-04-11 |
| CVE-2023-28219 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability — Windows 10 Version 1809 | 8.1 | High | 2023-04-11 |
| CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability — Windows 10 Version 1809 | 7.1 | High | 2023-03-14 |
| CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability — Windows 10 Version 1809 | 7.1 | High | 2023-03-14 |
| CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.0 | High | 2023-03-14 |
| CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability — Windows 10 Version 1809 | 4.7 | Medium | 2023-01-10 |
| CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.0 | High | 2023-01-10 |
| CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — Windows 10 Version 1809 | 8.1 | High | 2023-01-10 |
| CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — Windows 10 Version 1809 | 8.1 | High | 2023-01-10 |
| CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — Windows 10 Version 1809 | 8.1 | High | 2023-01-10 |
| CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability — Windows Server 2022 | 7.0 | High | 2023-01-10 |

73 CVEs are classified as CWE-591 (Sensitive Data Storage in Improperly Locked Memory). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.