CWE-1257: Improper Access Control Applied to Mirrored or Aliased Memory Regions
Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region.
Last updated
Overview
Hardware product designs often need to implement memory protection features that enable privileged software to define isolated memory regions and access control (read/write) policies. Isolated memory regions can be defined on different memory spaces in a design (e.g. system physical address, virtual address, memory mapped IO). Each memory cell should be mapped and assigned a system address that the core software can use to read/write to that memory. It is possible to map the same memory cell to multiple system addresses such that read/write to any of the aliased system addresses would be decoded to the same memory cell. This is commonly done in hardware designs for redundancy and simplifying address decoding logic. If one of the memory regions is corrupted or faulty, then that hardware can switch to using the data in the mirrored memory region. Memory aliases can also be created in the system address map if the address decoder unit ignores higher order address bits when mapping a smaller address region into the full system address. A common security weakness that can exist in such memory mapping is that aliased memory regions could have different read/write access protections enforced by the hardware such that an untrusted agent is blocked from accessing a memory address but is not blocked from accessing the corresponding aliased memory address. Such inconsistency can then be used to bypass the access protection of the primary memory block and read or modify the protected memory. An untrusted agent could also possibly create memory aliases in the system address map for malicious purposes if it is able to change the mapping of an address region or modify memory region sizes.
Real-world CVEs
3 recorded CVEs are caused by CWE-1257 (Improper Access Control Applied to Mirrored or Aliased Memory Regions). The highest-severity and most recent are shown first. 0 new CWE-1257 CVEs have been recorded so far in 2026 (2 in 2025).
Common consequences
What can happen when CWE-1257 is exploited.
Read Memory
Affects: Confidentiality
Modify Memory
Affects: Integrity
DoS: Instability
Affects: Availability
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Technologies
How to prevent it
Practical mitigations for CWE-1257, grouped by where in the lifecycle they apply.
The checks should be applied for consistency access rights between primary memory regions and any mirrored or aliased memory regions. If different memory protection units (MPU) are protecting the aliased regions, their protected range definitions and policies should be synchronized.
The controls that allow enabling memory aliases or changing the size of mapped memory regions should only be programmable by trusted software components.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
In a System-on-a-Chip (SoC) design the system fabric uses 16 bit addresses. An IP unit (Unit_A) has 4 kilobyte of internal memory which is mapped into a 16 kilobyte address range in the system fabric address map.
To protect the register controls in Unit_A unprivileged software is blocked from accessing addresses between 0x0000 - 0x0FFF.
The address decoder of Unit_A masks off the higher order address bits and decodes only the lower 12 bits for computing the offset into the 4 kilobyte internal memory space.
Attack patterns
CAPEC attack patterns that exploit this weakness.
Frequently asked questions
Common questions about CWE-1257.
- What is CWE-1257?
- Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region.
- What CVEs are caused by CWE-1257?
- 3 recorded CVEs are attributed to CWE-1257, including CVE-2025-36600, CVE-2025-27032, CVE-2019-1174.
- How do you prevent CWE-1257?
- The checks should be applied for consistency access rights between primary memory regions and any mirrored or aliased memory regions. If different memory protection units (MPU) are protecting the aliased regions, their protected range definitions and policies should be synchronized.
- What are the consequences of CWE-1257?
- Exploiting CWE-1257 can lead to: Read Memory, Modify Memory, DoS: Instability.
- Is CWE-1257 actively exploited?
- 3 recorded CVEs are caused by CWE-1257; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-1257) (opens in a new tab)
- CWE-1257 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1257
Get alerted the moment a new CWE-1257 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.