CWE-587
Assignment of a Fixed Address to a Pointer
Variant | Draft | Simple | 1 CVE
The product sets a pointer to a specific address other than NULL or 0.
Extended description
Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.
Common consequences (3)
- Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands
  If one executes code at a known location, an attacker might be able to inject code there beforehand.
- Availability: DoS: Crash, Exit, or Restart; Reduce Maintainability; Reduce Reliability
  If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash.
- Confidentiality, Integrity: Read Memory; Modify Memory
  The data at a known pointer location can be easily read or influenced by an attacker.
Potential mitigations (1)
- Implementation
  Never set a pointer to a fixed address.
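The mitigation above, as an added example in C that is not part of the CWE entry: the flawed literal-address assignment is shown in a comment for contrast, and the working code takes every pointer value from a symbol. The handler names and the address `0x08040000` are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

typedef int (*handler_fn)(int);

/* Hypothetical handlers; the names are assumptions for this example. */
static int double_it(int x) { return x * 2; }
static int negate_it(int x) { return -x; }

/*
 * Flawed form (CWE-587): the target is a literal address. Nothing ties
 * the constructed value 0x08040000 to a function in this build, so the
 * pointer is valid only on the one platform and memory layout it was
 * written for. Shown for contrast, kept out of the build:
 *
 *     handler_fn h = (handler_fn)0x08040000;
 *     return h(21);
 */

/* Corrected form: every pointer value comes from a symbol, so the
 * compiler, linker and loader supply the address for each build and
 * for each load of the program. */
struct entry { const char *name; handler_fn fn; };

static const struct entry handlers[] = {
    { "double", double_it },
    { "negate", negate_it },
};

/* Return the handler registered under name, or NULL if there is none. */
handler_fn lookup_handler(const char *name)
{
    for (size_t i = 0; i < sizeof handlers / sizeof handlers[0]; i++)
        if (strcmp(handlers[i].name, name) == 0)
            return handlers[i].fn;
    return NULL;
}

/* Call a handler by name; *ok reports whether the name resolved. */
int call_handler(const char *name, int arg, int *ok)
{
    handler_fn h = lookup_handler(name);
    *ok = (h != NULL);
    return h ? h(arg) : 0;
}
```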
CVEs referencing this CWE (1)
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2021-28216 | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. | HIGH 7.8 | 0.43% (p34) | | 2025-11-03 |