CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges

ID: CWE-1260
Abstraction: Base
Structure: Simple
Status: Stable
Number of CVEs: 3
The product allows address regions to overlap, which can result in the bypassing of intended memory protection.

Isolated memory regions and access control (read/write) policies are used by hardware to protect privileged software. Software components are often allowed to change or remap memory region definitions in order to enable flexible and dynamically changeable memory management by system software.

If a software component running at lower privilege can program a memory address region to overlap with other memory regions used by software running at higher privilege, privilege escalation may be available to attackers. The memory protection unit (MPU) logic can incorrectly handle such an address overlap and allow the lower-privilege software to read or write into the protected memory region, resulting in a privilege escalation attack. An address overlap weakness can also be used to launch a denial-of-service attack on the higher-privilege software memory regions.
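
An added example (not part of the CWE entry and not any vendor's MPU logic): a check that a region-programming path could apply before accepting a new definition, rejecting a request from lower-privilege software that overlaps a region owned by a higher privilege level. The `mpu_region_t` layout, the privilege encoding and the sample addresses are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical region descriptor; field names are assumptions for this example. */
typedef struct {
    uint32_t base;  /* first byte of the region */
    uint32_t size;  /* length in bytes; 0 marks an unused slot */
    uint8_t  priv;  /* owning privilege level, higher = more privileged */
} mpu_region_t;

/* Constructed sample table: one privileged region, one unprivileged, one free slot. */
static const mpu_region_t sample_table[3] = {
    { 0x20000000u, 0x1000u, 1 }, { 0x20002000u, 0x1000u, 0 }, { 0, 0, 0 },
};

/* Half-open interval test; ends are computed in 64 bits so base + size cannot wrap. */
bool ranges_overlap(uint32_t b1, uint32_t s1, uint32_t b2, uint32_t s2)
{
    uint64_t e1 = (uint64_t)b1 + s1, e2 = (uint64_t)b2 + s2;
    return b1 < e2 && b2 < e1;
}

/* May software running at caller_priv program req into table[slot]? */
bool mpu_request_allowed(const mpu_region_t *table, size_t n, size_t slot,
                         const mpu_region_t *req, uint8_t caller_priv)
{
    if (slot >= n || req->size == 0) return false;
    if ((uint64_t)req->base + req->size > (1ULL << 32)) return false; /* wraps past top of memory */
    if (req->priv > caller_priv) return false;   /* cannot create a region above own level */
    if (table[slot].size && table[slot].priv > caller_priv) return false; /* slot owned above caller */
    for (size_t i = 0; i < n; i++) {
        if (i == slot || table[i].size == 0 || table[i].priv <= caller_priv) continue;
        if (ranges_overlap(req->base, req->size, table[i].base, table[i].size))
            return false;                        /* would alias a more privileged region */
    }
    return true;
}

/* Helper: try to program the free slot (index 2) of the sample table. */
bool check_sample(uint32_t base, uint32_t size, uint8_t caller_priv)
{
    mpu_region_t req = { base, size, caller_priv };
    return mpu_request_allowed(sample_table, 3, 2, &req, caller_priv);
}

int main(void)
{
    puts(check_sample(0x20000800u, 0x1000u, 0) ? "allowed" : "rejected");
}
```

Adjacent regions that only touch at a boundary are accepted, while partial overlap, full containment and a range that wraps past the top of the 32-bit address space are all rejected.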

Modes of Introduction

Phase | Note
Architecture and Design | Such issues could be introduced during hardware architecture and design or implementation and identified later during the Testing phase.
Implementation |

Applicable Platforms

Type | Class | Name | Prevalence
Language | Not Language-Specific | |
Operating System | Not OS-Specific | |
Architecture | Not Architecture-Specific | |
Technology | | Memory Hardware |
Technology | | Processor Hardware |

Relationships

View ID | View | View Status | Weakness ID | Weakness Name | Abstraction | Structure | Status
CWE-1000 | Research Concepts | Draft | CWE-284 | Improper Access Control | Pillar | Simple | Incomplete
CWE-1000 | Research Concepts | Draft | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Class | Simple | Stable

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
ID | Name | Weaknesses
CAPEC-456 | Infected Memory | CWE-1260
CAPEC-679 | Exploitation of Improperly Configured or Implemented Memory Protections | CWE-1260
