CWE-1274
Improper Access Control for Volatile Memory Containing Boot Code
The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that the design of volatile-memory protections is sufficient to prevent modification by an adversary or untrusted code.
Mitigation
Phase: Testing
Description:
- Test the volatile-memory protections to ensure they are safe from modification or untrusted code.
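One way to exercise the testing mitigation above, added here as an example and not part of the CWE entry: an audit that checks whether every byte of the volatile-memory range holding the copied boot code is covered by a write-denying, locked protection region. The `vm_region` layout, the function and enum names, and the sample addresses are hypothetical and constructed for illustration; they do not describe any real memory controller.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of one protection region; not a real controller layout. */
struct vm_region {
    uint32_t base, size;      /* protected range [base, base + size) */
    bool untrusted_write;     /* untrusted agents may write here */
    bool locked;              /* setting frozen until next reset */
};
enum audit { AUDIT_OK, AUDIT_GAP, AUDIT_WRITABLE, AUDIT_UNLOCKED };

/* Require every byte of the boot-code range [start, start + len) to lie in a
 * region that denies untrusted writes and is locked. Overlaps are treated
 * conservatively: one permissive region over a byte fails the audit. */
enum audit audit_boot_range(const struct vm_region *r, size_t n,
                            uint32_t start, uint32_t len)
{
    uint64_t cur = start, end = (uint64_t)start + len;
    while (cur < end) {
        uint64_t next = end;
        bool covered = false;
        for (size_t i = 0; i < n; i++) {
            uint64_t rb = r[i].base, re = rb + r[i].size;
            if (rb > cur) { if (rb < next) next = rb; continue; }
            if (cur >= re) continue;
            if (r[i].untrusted_write) return AUDIT_WRITABLE;
            if (!r[i].locked) return AUDIT_UNLOCKED;
            covered = true;
            if (re < next) next = re;
        }
        if (!covered) return AUDIT_GAP;   /* unprotected bytes in the image */
        cur = next;                       /* re-check at every region boundary */
    }
    return AUDIT_OK;
}

/* Constructed samples: boot code copied to 0x20000000, length 0x4000. */
static const struct vm_region sample_ok[]       = {{0x20000000u, 0x4000u, false, true}};
static const struct vm_region sample_short[]    = {{0x20000000u, 0x3000u, false, true}};
static const struct vm_region sample_unlocked[] = {{0x20000000u, 0x4000u, false, false}};
static const struct vm_region sample_hole[]     = {{0x20000000u, 0x4000u, false, true},
                                                   {0x20002000u, 0x0100u, true,  true}};
int main(void) {
    printf("%d %d %d %d\n", audit_boot_range(sample_ok, 1, 0x20000000u, 0x4000u),
           audit_boot_range(sample_short, 1, 0x20000000u, 0x4000u),
           audit_boot_range(sample_unlocked, 1, 0x20000000u, 0x4000u),
           audit_boot_range(sample_hole, 2, 0x20000000u, 0x4000u));
    return 0;
}
```

The short and overlapping samples are the cases a range-start-only check misses: protection that ends before the image does, and a writable window layered inside an otherwise protected range.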
CAPEC-456: Infected Memory
An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.
CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections
An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory.