CWE-1274
AllowedImproper Access Control for Volatile Memory Containing Boot Code
Abstraction: Base · Status: Stable
The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.
14 vulnerabilities reference this CWE, most recent first.
GHSA-9Q65-PRR3-6HH3
Vulnerability from github – Published: 2026-02-10 21:31 – Updated: 2026-02-10 21:31Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2025-29950"
],
"database_specific": {
"cwe_ids": [
"CWE-1274"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T20:16:44Z",
"severity": "HIGH"
},
"details": "Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.",
"id": "GHSA-9q65-prr3-6hh3",
"modified": "2026-02-10T21:31:30Z",
"published": "2026-02-10T21:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29950"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4013.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JG8J-M6MC-29M8
Vulnerability from github – Published: 2025-09-25 21:30 – Updated: 2025-09-26 21:30Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.
{
"affected": [],
"aliases": [
"CVE-2025-59404"
],
"database_specific": {
"cwe_ids": [
"CWE-1274"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-25T21:15:32Z",
"severity": "HIGH"
},
"details": "Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.",
"id": "GHSA-jg8j-m6mc-29m8",
"modified": "2025-09-26T21:30:28Z",
"published": "2025-09-25T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59404"
},
{
"type": "WEB",
"url": "https://gainsec.com/2025/09/19/root-from-the-coop-device-3-root-shell-on-flock-safetys-bravo-compute-box"
},
{
"type": "WEB",
"url": "https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf"
},
{
"type": "WEB",
"url": "https://www.flocksafety.com/products"
},
{
"type": "WEB",
"url": "https://www.flocksafety.com/products/license-plate-readers"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JQJ3-2M78-576H
Vulnerability from github – Published: 2026-05-15 03:30 – Updated: 2026-05-15 03:30Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.
{
"affected": [],
"aliases": [
"CVE-2024-36345"
],
"database_specific": {
"cwe_ids": [
"CWE-1274"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-15T02:16:20Z",
"severity": "MODERATE"
},
"details": "Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.",
"id": "GHSA-jqj3-2m78-576h",
"modified": "2026-05-15T03:30:36Z",
"published": "2026-05-15T03:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36345"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PVG7-V23V-R848
Vulnerability from github – Published: 2025-02-12 00:32 – Updated: 2025-02-12 00:32Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2023-31345"
],
"database_specific": {
"cwe_ids": [
"CWE-1274",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T00:15:08Z",
"severity": "HIGH"
},
"details": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.",
"id": "GHSA-pvg7-v23v-r848",
"modified": "2025-02-12T00:32:17Z",
"published": "2025-02-12T00:32:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31345"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code.
Mitigation
Test the volatile-memory protections to ensure they are safe from modification or untrusted code.
CAPEC-456: Infected Memory
An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.
CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections
An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory.