CWE-1231: Improper Prevention of Lock Bit Modification
The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.
Abstraction: Base
Common Consequences
Access Control → Modify Memory
Detection Methods
Manual Analysis
Set the lock bit. Power cycle the device. Attempt to clear the lock bit. If the information is changed, implement a design fix. Retest. Also, attempt to indirectly clear the lock bit or bypass it.
Real-World Examples (2)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2022-42285 | 6.0 | 0.0% | — |
| CVE-2024-36354 | 7.5 | 0.0% | — |
0 / 100 (low-risk)
Active Threat: 0/50 · Minimal
Exploit Availability: 0/50 · Minimal