ByteOS Network

CWE-1256:Improper Restriction of Software Interfaces to Hardware Features

Weakness ID:1256

Version:v4.17

Weakness Name:Improper Restriction of Software Interfaces to Hardware Features

Vulnerability Mapping:Allowed

Abstraction:Base

Structure:Simple

Status:Stable

Details Content History Observed CVE Examples Reports

4Vulnerabilities found

CVE-2024-5477

Assigner-HP Inc.

View Details

Assigner-HP Inc.

CVSS Score-7.3||HIGH

EPSS-0.03% / 4.94%

7 Day CHG~0.00%

Published-13 Aug, 2025 | 17:47

Updated-14 Aug, 2025 | 13:12

A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability.

Vendor-HP Inc.

Product-Certain HP PC Products

CWE ID-CWE-1256

Improper Restriction of Software Interfaces to Hardware Features

CVE-2024-48869

Assigner-Intel Corporation

View Details

Assigner-Intel Corporation

CVSS Score-5.6||MEDIUM

EPSS-0.01% / 1.95%

7 Day CHG~0.00%

Published-13 May, 2025 | 21:03

Updated-15 May, 2025 | 04:01

Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX) may allow a privileged user to potentially enable escalation of privilege via local access.

Vendor-n/a

Product-Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software Guard Extensions (Intel(R) SGX)

CWE ID-CWE-1256

Improper Restriction of Software Interfaces to Hardware Features

CVE-2024-2881

Assigner-wolfSSL Inc.

View Details

Assigner-wolfSSL Inc.

CVSS Score-6.7||MEDIUM

EPSS-0.23% / 45.27%

7 Day CHG~0.00%

Published-29 Aug, 2024 | 23:10

Updated-04 Sep, 2024 | 14:27

Fault Injection of EdDSA signature in WolfCrypt

Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the ed25519_key structure.

Vendor-wolfssl WolfSSL wolfssl Linux Kernel Organization, Inc Microsoft Corporation

Product-windows wolfssl linux_kernel wolfCrypt wolfcrypt

CWE ID-CWE-252

Unchecked Return Value

CWE ID-CWE-1256

Improper Restriction of Software Interfaces to Hardware Features

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2024-1545

Assigner-wolfSSL Inc.

View Details

Assigner-wolfSSL Inc.

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 43.26%

7 Day CHG~0.00%

Published-29 Aug, 2024 | 23:02

Updated-04 Sep, 2024 | 14:27

Fault Injection of RSA encryption in WolfCrypt

Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.

Vendor-wolfssl WolfSSL wolfssl Linux Kernel Organization, Inc Microsoft Corporation

Product-windows wolfssl linux_kernel wolfCrypt wolfcrypt

CWE ID-CWE-252

Unchecked Return Value

CWE ID-CWE-1256

Improper Restriction of Software Interfaces to Hardware Features

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')