CWE-1246
Improper Write Handling in Limited-write Non-Volatile Memories
Incomplete
2020-02-24
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Name: Improper Write Handling in Limited-write Non-Volatile Memories
The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.
Allgemeine Informationen
Einführungsmodi
Architecture and DesignImplementation
Anwendbare Plattformen
Sprache
Class: Not Language-Specific (Undetermined)Betriebssysteme
Class: Not OS-Specific (Undetermined)Architekturen
Class: Not Architecture-Specific (Undetermined)Technologien
Class: System on Chip (Undetermined)Name: Memory Hardware (Undetermined)
Name: Storage Hardware (Undetermined)
Häufige Konsequenzen
| Bereich | Auswirkung | Wahrscheinlichkeit |
|---|---|---|
| Availability | DoS: Instability Note: If wear leveling is improperly implemented, attackers may be able to programmatically cause the storage to become unreliable within a much shorter time than would normally be expected. |
Mögliche Gegenmaßnahmen
Phases : Architecture and Design // Implementation // TestingInclude secure wear leveling algorithms and ensure they may not be bypassed.
Hinweise zur Schwachstellen-Zuordnung
Begründung : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Kommentar : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Verwandte Angriffsmuster
| CAPEC-ID | Name des Angriffsmusters |
|---|---|
| CAPEC-212 | Functionality Misuse
An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data. |
Referenzen
REF-1058
Enhancing Lifetime and Security of PCM-Based Main Memory with Start-Gap Wear LevelingMoinuddin Qureshi, Michele Franchescini, Vijayalakshmi Srinivasan, Luis Lastras, Bulent Abali, John Karidis.
https://www.seas.upenn.edu/~leebcc/teachdir/ece299_fall10/Qureshi09_pcmWear.pdf
REF-1059
Bad Block Management in NAND Flash MemoryMicron.
https://e2e.ti.com/cfs-file/__key/communityserver-discussions-components-files/791/tn2959_5F00_bbm_5F00_in_5F00_nand_5F00_flash.pdf
Einreichung
| Name | Organisation | Datum | Veröffentlichungsdatum | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.0 |
Änderungen
| Name | Organisation | Datum | Kommentar |
|---|---|---|---|
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Potential_Mitigations, Research_Gaps | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Relationships, Research_Gaps | |
| CWE Content Team | MITRE | updated References, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, References | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated Common_Consequences, Description, Weakness_Ordinalities |
