CWE-1223: Race Condition for Write-Once Attributes
A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue.
Last updated
Overview
Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to defined default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make them write-once. This means the hardware implementation only allows writing to such registers once, and they become read-only after having been written once by software. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings. Implementation issues in hardware design of such controls can expose such registers to a race condition security flaw. For example, consider a hardware design that has two different software/firmware modules executing in parallel. One module is trusted (module A) and another is untrusted (module B). In this design it could be possible for Module B to send write cycles to the write-once register before Module A. Since the field is write-once the programmed value from Module A will be ignored and the pre-empted value programmed by Module B will be used by hardware.
Real-world CVEs
2 recorded CVEs are caused by CWE-1223 (Race Condition for Write-Once Attributes). The highest-severity and most recent are shown first. 0 new CWE-1223 CVEs have been recorded so far in 2026 (1 in 2025).
Common consequences
What can happen when CWE-1223 is exploited.
Bypass Protection Mechanism
Affects: Access Control
System configuration cannot be programmed in a secure way.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Languages
Technologies
How to prevent it
Practical mitigations for CWE-1223, grouped by where in the lifecycle they apply.
During hardware design, all register write-once or sticky fields must be evaluated for proper configuration.
How to detect it
Automated Analysis
The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
Consider the example design module system Verilog code shown below. register_write_once_example module is an example of register that has a write-once field defined. Bit 0 field captures the write_once_status value.
The first system component that sends a write cycle to this register can program the value. This could result in a race condition security issue in the SoC design, if an untrusted agent is running in the system in parallel with the trusted component that is expected to program the register.
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1223.
- What is CWE-1223?
- A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue.
- What CVEs are caused by CWE-1223?
- 2 recorded CVEs are attributed to CWE-1223, including CVE-2024-2975, CVE-2025-0077.
- How do you prevent CWE-1223?
- During hardware design, all register write-once or sticky fields must be evaluated for proper configuration.
- How is CWE-1223 detected?
- Automated Analysis: The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.
- What are the consequences of CWE-1223?
- Exploiting CWE-1223 can lead to: Bypass Protection Mechanism.
- Is CWE-1223 actively exploited?
- 2 recorded CVEs are caused by CWE-1223; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1223) (opens in a new tab)
- CWE-1223 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1223
Get alerted the moment a new CWE-1223 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.