logo

CWE-1246 - Improper Write Handling in Limited-write Non-Volatile Memories

CWE-1246

  • Abstraction:
  • Base
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Improper Write Handling in Limited-write Non-Volatile Memories

Description

The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.

Non-volatile memories such as NAND Flash, EEPROM, etc. have individually erasable segments, each of which can be put through a limited number of program/erase or write cycles. For example, the device can only endure a limited number of writes, after which the device becomes unreliable. In order to wear out the cells in a uniform manner, non-volatile memory and storage products based on the above-mentioned technologies implement a technique called wear leveling. Once a set threshold is reached, wear leveling maps writes of a logical block to a different physical block. This prevents a single physical block from prematurely failing due to a high concentration of writes. If wear leveling is improperly implemented, attackers may be able to programmatically cause the storage to become unreliable within a much shorter time than would normally be expected.

Common Consequences

Scope: Availability

Impact: DoS: Instability

Related Weaknesses
  • Release Date:
  • 2020-02-24
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website