CWE-1234: Hardware Internal or Debug Modes Allow Override of Locks

System configuration protection may be bypassed during debug mode.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

Device configuration controls are commonly programmed after a device power reset by a trusted firmware or software module (e.g., BIOS/bootloader) and then locked from any further modification. This is commonly implemented using a trusted lock bit, which when set, disables writes to a protected set of registers or address regions. The lock protection is intended to prevent modification of certain system configuration (e.g., memory/memory protection unit configuration). If debug features supported by hardware or internal modes/system states are supported in the hardware design, modification of the lock protection may be allowed allowing access and modification of configuration information.

CWE-1234: Hardware Internal or Debug Modes Allow Override of Locks

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Attack patterns

Frequently asked questions

What is CWE-1234?

What CVEs are caused by CWE-1234?

What are the consequences of CWE-1234?

Is CWE-1234 actively exploited?

References

Stay ahead of CWE-1234

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Related weaknesses

Parent

Attack patterns

Frequently asked questions

What is CWE-1234?

What CVEs are caused by CWE-1234?

What are the consequences of CWE-1234?

Is CWE-1234 actively exploited?

References

Stay ahead of CWE-1234