CWE-1262
AllowedImproper Access Control for Register Interface
Abstraction: Base · Status: Stable
The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.
16 vulnerabilities reference this CWE, most recent first.
GHSA-7RC6-R844-3MWW
Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-11-21 21:30Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86, resulting in potential loss of control of cryptographic key pointer/index, leading to loss of integrity or confidentiality.
{
"affected": [],
"aliases": [
"CVE-2023-20599"
],
"database_specific": {
"cwe_ids": [
"CWE-1262"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T17:17:51Z",
"severity": "HIGH"
},
"details": "Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP\u2019s Crypto Co-Processor (CCP) registers from x86, resulting in potential loss of control of cryptographic key pointer/index, leading to loss of integrity or confidentiality.",
"id": "GHSA-7rc6-r844-3mww",
"modified": "2025-11-21T21:30:15Z",
"published": "2025-06-10T18:32:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20599"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7039.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8PHC-9JC2-384H
Vulnerability from github – Published: 2025-04-07 12:33 – Updated: 2025-04-07 12:33Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.
{
"affected": [],
"aliases": [
"CVE-2024-45556"
],
"database_specific": {
"cwe_ids": [
"CWE-1262"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-07T11:15:49Z",
"severity": "MODERATE"
},
"details": "Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.",
"id": "GHSA-8phc-9jc2-384h",
"modified": "2025-04-07T12:33:18Z",
"published": "2025-04-07T12:33:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45556"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GCHR-732Q-FG34
Vulnerability from github – Published: 2026-06-09 18:31 – Updated: 2026-06-09 18:31Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.
{
"affected": [],
"aliases": [
"CVE-2025-54509"
],
"database_specific": {
"cwe_ids": [
"CWE-1262"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T18:16:32Z",
"severity": "MODERATE"
},
"details": "Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.",
"id": "GHSA-gchr-732q-fg34",
"modified": "2026-06-09T18:31:02Z",
"published": "2026-06-09T18:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54509"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GW84-QF63-55GW
Vulnerability from github – Published: 2024-06-26 18:30 – Updated: 2025-03-13 21:31Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard.
{
"affected": [],
"aliases": [
"CVE-2024-6354"
],
"database_specific": {
"cwe_ids": [
"CWE-1262"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-26T17:15:27Z",
"severity": "HIGH"
},
"details": "Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard.",
"id": "GHSA-gw84-qf63-55gw",
"modified": "2025-03-13T21:31:08Z",
"published": "2024-06-26T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6354"
},
{
"type": "WEB",
"url": "https://devolutions.net/security/advisories/DEVO-2024-0010"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HHVJ-4H4H-9XGP
Vulnerability from github – Published: 2026-03-02 18:31 – Updated: 2026-03-02 18:31Memory Corruption when accessing trusted execution environment without proper privilege check.
{
"affected": [],
"aliases": [
"CVE-2025-47385"
],
"database_specific": {
"cwe_ids": [
"CWE-1262"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-02T17:16:27Z",
"severity": "HIGH"
},
"details": "Memory Corruption when accessing trusted execution environment without proper privilege check.",
"id": "GHSA-hhvj-4h4h-9xgp",
"modified": "2026-03-02T18:31:45Z",
"published": "2026-03-02T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47385"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VFP9-7P35-GG6G
Vulnerability from github – Published: 2026-02-03 00:30 – Updated: 2026-02-03 00:30IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations.
{
"affected": [],
"aliases": [
"CVE-2025-36194"
],
"database_specific": {
"cwe_ids": [
"CWE-1262"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-02T23:15:59Z",
"severity": "LOW"
},
"details": "IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations.",
"id": "GHSA-vfp9-7p35-gg6g",
"modified": "2026-02-03T00:30:18Z",
"published": "2026-02-03T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36194"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7257555"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Design proper policies for hardware register access from software.
Mitigation
Ensure that access control policies for register access are implemented in accordance with the specified design.
CAPEC-680: Exploitation of Improperly Controlled Registers
An adversary exploits missing or incorrectly configured access control within registers to read/write data that is not meant to be obtained or modified by a user.