Insufficient Granularity of Address Regions Protected by Register Locks

CVE-2025-21283

Medium

6.5/10

Summary

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-1222 - Insufficient Granularity of Address Regions Protected by Register Locks

The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process.

References

Advisory Timeline

Published Feb 06, 2025

Insufficient Granularity of Address Regions Protected by Register Locks

CVE-2025-21283

Summary

CWE-1222 - Insufficient Granularity of Address Regions Protected by Register Locks

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS