CWE-1246 - Improper Write Handling in Limited-write Non-Volatile Memories
CWE-1246
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Incomplete
- Weakness Name
Improper Write Handling in Limited-write Non-Volatile Memories
- Description
The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.
Non-volatile memories such as NAND Flash, EEPROM, etc. have individually erasable segments, each of which can be put through a limited number of program/erase or write cycles. For example, the device can only endure a limited number of writes, after which the device becomes unreliable. In order to wear out the cells in a uniform manner, non-volatile memory and storage products based on the above-mentioned technologies implement a technique called wear leveling. Once a set threshold is reached, wear leveling maps writes of a logical block to a different physical block. This prevents a single physical block from prematurely failing due to a high concentration of writes. If wear leveling is improperly implemented, attackers may be able to programmatically cause the storage to become unreliable within a much shorter time than would normally be expected.
- Common Consequences
Scope: Availability
Impact: DoS: Instability
- Related Weaknesses
- Release Date:
- 2020-02-24
- Latest Modification Date:
- 2023-06-29
Free security scan for your website