CWE-1234: Hardware Internal or Debug Modes Allow Override of Locks

BaseIncomplete

System configuration protection may be bypassed during debug mode.

View on MITRE
Back to CWE Lookup

Extended Description

Device configuration controls are commonly programmed after a device power reset by a trusted firmware or software module (e.g., BIOS/bootloader) and then locked from any further modification. This is commonly implemented using a trusted lock bit, which when set, disables writes to a protected set of registers or address regions. The lock protection is intended to prevent modification of certain system configuration (e.g., memory/memory protection unit configuration). If debug features supported by hardware or internal modes/system states are supported in the hardware design, modification of the lock protection may be allowed allowing access and modification of configuration information.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms
Not OS-Specific

Learn More