CWE-1232β€”Improper Lock Behavior After Power State Transition

PUBLISHEDweakness record
released 2020-02-24 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-1232
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2020-02-24
Latest Modification Date:
2025-12-11

Weakness Name

Improper Lock Behavior After Power State Transition

Description

Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power state transitions (e.g., Entry and wake from low power sleep modes) causing the system configuration to be changeable.

Devices may allow device configuration controls which need to be programmed after device power reset via a trusted firmware or software module (commonly set by BIOS/bootloader) and then locked from any further modification. This action is commonly implemented using a programmable lock bit, which, when set, disables writes to a protected set of registers or address regions. After a power state transition, the lock bit is set to unlocked. Some common weaknesses that can exist in such a protection scheme are that the lock gets cleared, the values of the protected registers get reset, or the lock become programmable.

Common Consequences

Scope:
Access Control
Impact:
Modify Memory

Related Weaknesses