Common Weakness Enumeration

CWE-1262

Allowed

Improper Access Control for Register Interface

Abstraction: Base · Status: Stable

The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.

16 vulnerabilities reference this CWE, most recent first.

GHSA-7RC6-R844-3MWW

Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-11-21 21:30
VLAI
Details

Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86, resulting in potential loss of control of cryptographic key pointer/index, leading to loss of integrity or confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1262"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-10T17:17:51Z",
    "severity": "HIGH"
  },
  "details": "Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP\u2019s Crypto Co-Processor (CCP) registers from x86, resulting in potential loss of control of cryptographic key pointer/index, leading to loss of integrity or confidentiality.",
  "id": "GHSA-7rc6-r844-3mww",
  "modified": "2025-11-21T21:30:15Z",
  "published": "2025-06-10T18:32:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20599"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7039.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PHC-9JC2-384H

Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33
VLAI
Details

Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45556"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1262"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T11:15:49Z",
    "severity": "MODERATE"
  },
  "details": "Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.",
  "id": "GHSA-8phc-9jc2-384h",
  "modified": "2025-04-07T12:33:18Z",
  "published": "2025-04-07T12:33:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45556"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCHR-732Q-FG34

Vulnerability from github – Published: 2026-06-09 18:31 – Updated: 2026-06-09 18:31
VLAI
Details

Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1262"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T18:16:32Z",
    "severity": "MODERATE"
  },
  "details": "Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.",
  "id": "GHSA-gchr-732q-fg34",
  "modified": "2026-06-09T18:31:02Z",
  "published": "2026-06-09T18:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54509"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GW84-QF63-55GW

Vulnerability from github – Published: 2024-06-26 18:30 – Updated: 2025-03-13 21:31
VLAI
Details

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6354"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1262"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-26T17:15:27Z",
    "severity": "HIGH"
  },
  "details": "Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard.",
  "id": "GHSA-gw84-qf63-55gw",
  "modified": "2025-03-13T21:31:08Z",
  "published": "2024-06-26T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6354"
    },
    {
      "type": "WEB",
      "url": "https://devolutions.net/security/advisories/DEVO-2024-0010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HHVJ-4H4H-9XGP

Vulnerability from github – Published: 2026-03-02 18:31 – Updated: 2026-03-02 18:31
VLAI
Details

Memory Corruption when accessing trusted execution environment without proper privilege check.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47385"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1262"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-02T17:16:27Z",
    "severity": "HIGH"
  },
  "details": "Memory Corruption when accessing trusted execution environment without proper privilege check.",
  "id": "GHSA-hhvj-4h4h-9xgp",
  "modified": "2026-03-02T18:31:45Z",
  "published": "2026-03-02T18:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47385"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VFP9-7P35-GG6G

Vulnerability from github – Published: 2026-02-03 00:30 – Updated: 2026-02-03 00:30
VLAI
Details

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1262"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-02T23:15:59Z",
    "severity": "LOW"
  },
  "details": "IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations.",
  "id": "GHSA-vfp9-7p35-gg6g",
  "modified": "2026-02-03T00:30:18Z",
  "published": "2026-02-03T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36194"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7257555"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Design proper policies for hardware register access from software.

Mitigation
Implementation

Ensure that access control policies for register access are implemented in accordance with the specified design.

CAPEC-680: Exploitation of Improperly Controlled Registers

An adversary exploits missing or incorrectly configured access control within registers to read/write data that is not meant to be obtained or modified by a user.