CWE-1231: Improper Prevention of Lock Bit Modification

BaseStable

The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.

View on MITRE
Back to CWE Lookup

Extended Description

In integrated circuits and hardware intellectual property (IP) cores, device configuration controls are commonly programmed after a device power reset by a trusted firmware or software module (e.g., BIOS/bootloader) and then locked from any further modification. This behavior is commonly implemented using a trusted lock bit. When set, the lock bit disables writes to a protected set of registers or address regions. Design or coding errors in the implementation of the lock bit protection feature may allow the lock bit to be modified or cleared by software after it has been set. Attackers might be able to unlock the system and features that the bit is intended to protect.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms
Not OS-Specific

Frequently Asked Questions

What is CWE-1231: Improper Prevention of Lock Bit Modification?+

CWE-1231: Improper Prevention of Lock Bit Modification is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set. In integrated circuits and hardware intellectual property (IP) cores, device configuration controls are commonly programmed after a device power reset by a trusted firmware or software module (e.g., BIOS/bootloader) and then locked from any further modification. This behavior is commonly implemented using a trusted lock bit. When set, the lock bit disables writes to a protected set of registers or address regions. Design or coding errors in the implementation of the lock bit protection feature may allow the lock bit to be modified or cleared by software after it has been set. Attackers might be able to unlock the system and features that the bit is intended to protect.

What are the security consequences of Improper Prevention of Lock Bit Modification?+

If exploited, CWE-1231 (Improper Prevention of Lock Bit Modification) it can compromise Access Control, leading to outcomes such as Modify Memory.

How do you prevent or mitigate Improper Prevention of Lock Bit Modification?+

Recommended mitigations for CWE-1231 include: Security lock bit protections must be reviewed for design inconsistency and common weaknesses. Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing.

How is Improper Prevention of Lock Bit Modification detected?+

CWE-1231 can be detected using Manual Analysis. Combining automated tooling with manual review typically yields the best coverage.

Which programming languages are affected by Improper Prevention of Lock Bit Modification?+

CWE-1231 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Improper Prevention of Lock Bit Modification?+

MITRE documents real CVEs mapped to CWE-1231, including CVE-2017-6283. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-1231 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More