Détail du CWE-1246

CWE-1246

Improper Write Handling in Limited-write Non-Volatile Memories
Incomplete
2020-02-24
00h00 +00:00
2025-04-03
00h00 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Gestion des notifications

Nom: Improper Write Handling in Limited-write Non-Volatile Memories

The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.

Description du CWE

Non-volatile memories such as NAND Flash, EEPROM, etc. have individually erasable segments, each of which can be put through a limited number of program/erase or write cycles. For example, the device can only endure a limited number of writes, after which the device becomes unreliable. In order to wear out the cells in a uniform manner, non-volatile memory and storage products based on the above-mentioned technologies implement a technique called wear leveling. Once a set threshold is reached, wear leveling maps writes of a logical block to a different physical block. This prevents a single physical block from prematurely failing due to a high concentration of writes. If wear leveling is improperly implemented, attackers may be able to programmatically cause the storage to become unreliable within a much shorter time than would normally be expected.

Informations générales

Modes d'introduction

Architecture and Design
Implementation

Plateformes applicables

Langue

Class: Not Language-Specific (Undetermined)

Systèmes d’exploitation

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: System on Chip (Undetermined)
Name: Memory Hardware (Undetermined)
Name: Storage Hardware (Undetermined)

Conséquences courantes

Portée Impact Probabilité
AvailabilityDoS: Instability

Mesures d’atténuation potentielles

Phases : Architecture and Design // Implementation // Testing
Include secure wear leveling algorithms and ensure they may not be bypassed.

Notes de cartographie des vulnérabilités

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Modèles d'attaque associés

CAPEC-ID Nom du modèle d'attaque
CAPEC-212 Functionality Misuse
An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data.

Références

REF-1058

Enhancing Lifetime and Security of PCM-Based Main Memory with Start-Gap Wear Leveling
Moinuddin Qureshi, Michele Franchescini, Vijayalakshmi Srinivasan, Luis Lastras, Bulent Abali, John Karidis.
https://www.seas.upenn.edu/~leebcc/teachdir/ece299_fall10/Qureshi09_pcmWear.pdf

REF-1059

Bad Block Management in NAND Flash Memory
Micron.
https://www.micron.com/-/media/client/global/documents/products/technical-note/nand-flash/tn2959_bbm_in_nand_flash.pdf

Soumission

Nom Organisation Date Date de publication Version
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi Intel Corporation 2020-02-10 +00:00 2020-02-24 +00:00 4.0

Modifications

Nom Organisation Date Commentaire
CWE Content Team MITRE 2020-08-20 +00:00 updated Demonstrative_Examples, Description, Potential_Mitigations, Research_Gaps
CWE Content Team MITRE 2021-07-20 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2022-04-28 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2022-06-28 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2022-10-13 +00:00 updated Demonstrative_Examples, Relationships, Research_Gaps
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-04-03 +00:00 updated Demonstrative_Examples, References