CWE-1282 – Assumed-Immutable Data is Stored in Writable Memory

Read Time:21 Second

Description

Immutable data, such as a first-stage bootloader, device identifiers, and “write-once” configuration settings are stored in writable memory that can be re-programmed or updated in the field.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-668
CWE-471

 

Consequences

Integrity: Varies by Context

 

Potential Mitigations

Phase: Implementation

Description: 

All immutable code or data should be programmed into ROM or write-once memory.

CVE References