CWE-1257
Improper Access Control Applied to Mirrored or Aliased Memory Regions
Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region.
CVE-2025-27032 (GCVE-0-2025-27032)
Vulnerability from cvelistv5 – Published: 2025-09-24 15:33 – Updated: 2025-09-25 15:48
VLAI?
Summary
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
Severity ?
7.8 (High)
CWE
- CWE-1257 - Improper Access Control Applied to Mirrored or Aliased Memory Regions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AQT1000
Affected: AR8035 Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6800 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: QAM8255P Affected: QAM8295P Affected: QAM8620P Affected: QAM8650P Affected: QAM8775P Affected: QAMSRV1H Affected: QAMSRV1M Affected: QCA6174A Affected: QCA6310 Affected: QCA6335 Affected: QCA6391 Affected: QCA6420 Affected: QCA6421 Affected: QCA6426 Affected: QCA6430 Affected: QCA6431 Affected: QCA6436 Affected: QCA6564A Affected: QCA6564AU Affected: QCA6574 Affected: QCA6574A Affected: QCA6574AU Affected: QCA6584AU Affected: QCA6595 Affected: QCA6595AU Affected: QCA6678AQ Affected: QCA6696 Affected: QCA6698AQ Affected: QCA6797AQ Affected: QCA8081 Affected: QCA8337 Affected: QCA9377 Affected: QCC710 Affected: QCM5430 Affected: QCM6490 Affected: QCM8550 Affected: QCN6224 Affected: QCN6274 Affected: QCN9274 Affected: QCS5430 Affected: QCS6490 Affected: QCS8300 Affected: QCS8550 Affected: QCS9100 Affected: QDU1000 Affected: QDU1010 Affected: QDU1110 Affected: QDU1210 Affected: QDX1010 Affected: QDX1011 Affected: QEP8111 Affected: QFW7114 Affected: QFW7124 Affected: QMP1000 Affected: QRU1032 Affected: QRU1052 Affected: QRU1062 Affected: QSM8350 Affected: Qualcomm Video Collaboration VC3 Platform Affected: Robotics RB3 Platform Affected: SA6145P Affected: SA6155 Affected: SA6155P Affected: SA7255P Affected: SA7775P Affected: SA8150P Affected: SA8155 Affected: SA8155P Affected: SA8255P Affected: SA8295P Affected: SA8540P Affected: SA8620P Affected: SA8650P Affected: SA8770P Affected: SA8775P Affected: SA9000P Affected: SC8380XP Affected: SD 675 Affected: SD 8 Gen1 5G Affected: SD 8CX Affected: SD670 Affected: SD675 Affected: SD855 Affected: SD865 5G Affected: SDX55 Affected: SDX57M Affected: SDX80M Affected: SG8275P Affected: SM6650 Affected: SM7250P Affected: SM7635 Affected: SM7675 Affected: SM7675P Affected: SM8550P Affected: SM8635 Affected: SM8635P Affected: SM8650Q Affected: SM8735 Affected: SM8750 Affected: SM8750P Affected: Snapdragon 670 Mobile Platform Affected: Snapdragon 675 Mobile Platform Affected: Snapdragon 678 Mobile Platform (SM6150-AC) Affected: Snapdragon 765 5G Mobile Platform (SM7250-AA) Affected: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Affected: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Affected: Snapdragon 8 Gen 1 Mobile Platform Affected: Snapdragon 8 Gen 2 Mobile Platform Affected: Snapdragon 8 Gen 3 Mobile Platform Affected: Snapdragon 8+ Gen 2 Mobile Platform Affected: Snapdragon 845 Mobile Platform Affected: Snapdragon 850 Mobile Compute Platform Affected: Snapdragon 855 Mobile Platform Affected: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Affected: Snapdragon 865 5G Mobile Platform Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC) Affected: Snapdragon 888 5G Mobile Platform Affected: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Affected: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" Affected: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Affected: Snapdragon 8cx Compute Platform (SC8180X-AA, AB) Affected: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" Affected: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" Affected: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) Affected: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Affected: Snapdragon AR1 Gen 1 Platform Affected: Snapdragon AR1 Gen 1 Platform "Luna1" Affected: Snapdragon AR2 Gen 1 Platform Affected: Snapdragon Auto 5G Modem-RF Gen 2 Affected: Snapdragon X24 LTE Modem Affected: Snapdragon X35 5G Modem-RF System Affected: Snapdragon X50 5G Modem-RF System Affected: Snapdragon X55 5G Modem-RF System Affected: Snapdragon X62 5G Modem-RF System Affected: Snapdragon X65 5G Modem-RF System Affected: Snapdragon X72 5G Modem-RF System Affected: Snapdragon X75 5G Modem-RF System Affected: Snapdragon XR2 5G Platform Affected: SRV1H Affected: SRV1L Affected: SRV1M Affected: SSG2115P Affected: SSG2125P Affected: SXR1230P Affected: SXR2130 Affected: SXR2230P Affected: SXR2250P Affected: SXR2330P Affected: Vision Intelligence 300 Platform Affected: Vision Intelligence 400 Platform Affected: WCD9326 Affected: WCD9340 Affected: WCD9341 Affected: WCD9370 Affected: WCD9375 Affected: WCD9378 Affected: WCD9380 Affected: WCD9385 Affected: WCD9390 Affected: WCD9395 Affected: WCN3950 Affected: WCN3980 Affected: WCN3990 Affected: WCN6450 Affected: WCN6650 Affected: WCN6755 Affected: WCN7750 Affected: WCN7860 Affected: WCN7861 Affected: WCN7880 Affected: WCN7881 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T03:55:37.928749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T15:48:55.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon MDM",
"Snapdragon Mobile",
"Snapdragon Technology",
"Snapdragon WBC"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8620P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS8300"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QDU1000"
},
{
"status": "affected",
"version": "QDU1010"
},
{
"status": "affected",
"version": "QDU1110"
},
{
"status": "affected",
"version": "QDU1210"
},
{
"status": "affected",
"version": "QDX1010"
},
{
"status": "affected",
"version": "QDX1011"
},
{
"status": "affected",
"version": "QEP8111"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "QRU1032"
},
{
"status": "affected",
"version": "QRU1052"
},
{
"status": "affected",
"version": "QRU1062"
},
{
"status": "affected",
"version": "QSM8350"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "Robotics RB3 Platform"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SD 675"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD 8CX"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD675"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX57M"
},
{
"status": "affected",
"version": "SDX80M"
},
{
"status": "affected",
"version": "SG8275P"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8550P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 670 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 675 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
},
{
"status": "affected",
"version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 845 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 850 Mobile Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 855 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 888 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon AR2 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon X24 LTE Modem"
},
{
"status": "affected",
"version": "Snapdragon X35 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X50 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X62 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1L"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2130"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "SXR2250P"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "Vision Intelligence 300 Platform"
},
{
"status": "affected",
"version": "Vision Intelligence 400 Platform"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1257",
"description": "CWE-1257: Improper Access Control Applied to Mirrored or Aliased Memory Regions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T15:33:38.574Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html"
}
],
"title": "Improper Access Control Applied to Mirrored or Aliased Memory Regions in Hypervisor"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2025-27032",
"datePublished": "2025-09-24T15:33:38.574Z",
"dateReserved": "2025-02-18T09:19:46.882Z",
"dateUpdated": "2025-09-25T15:48:55.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36600 (GCVE-0-2025-36600)
Vulnerability from cvelistv5 – Published: 2025-07-08 14:17 – Updated: 2025-07-08 20:40
VLAI?
Summary
Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity ?
8.2 (High)
CWE
- CWE-1257 - Improper Access Control Applied to Mirrored or Aliased Memory Regions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Client Platform BIOS |
Affected:
N/A , < 1.51.0
(semver)
|
Credits
Dell Technologies would like to thank BINARLY REsearch team for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T20:40:39.262614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T20:40:46.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Client Platform BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.51.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell Technologies would like to thank BINARLY REsearch team for reporting this issue."
}
],
"datePublic": "2025-07-07T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"value": "Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1257",
"description": "CWE-1257: Improper Access Control Applied to Mirrored or Aliased Memory Regions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T14:17:23.773Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000320876/dsa-2025-205"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-36600",
"datePublished": "2025-07-08T14:17:23.773Z",
"dateReserved": "2025-04-15T21:32:11.414Z",
"dateUpdated": "2025-07-08T20:40:46.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- The checks should be applied for consistency access rights between primary memory regions and any mirrored or aliased memory regions. If different memory protection units (MPU) are protecting the aliased regions, their protected range definitions and policies should be synchronized.
Mitigation
Phases: Architecture and Design, Implementation
Description:
- The controls that allow enabling memory aliases or changing the size of mapped memory regions should only be programmable by trusted software components.
CAPEC-456: Infected Memory
An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.
CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections
An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory.