1. Home
  2. Weaknesses
  3. CWE-1246

CWE-1246: Improper Write Handling in Limited-write Non-Volatile Memories

ID CWE-1246
Abstraction Base
Structure Simple
Status Incomplete
Number of CVEs 2
Detail CAPEC Dashboard Vulnerabilities Web & Social
The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.

Non-volatile memories such as NAND Flash, EEPROM, etc. have individually erasable segments, each of which can be put through a limited number of program/erase or write cycles. For example, the device can only endure a limited number of writes, after which the device becomes unreliable. In order to wear out the cells in a uniform manner, non-volatile memory and storage products based on the above-mentioned technologies implement a technique called wear leveling. Once a set threshold is reached, wear leveling maps writes of a logical block to a different physical block. This prevents a single physical block from prematurely failing due to a high concentration of writes. If wear leveling is improperly implemented, attackers may be able to programmatically cause the storage to become unreliable within a much shorter time than would normally be expected.

Modes of Introduction

Phase Note
Architecture and Design
Implementation

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific
Operating_system Not OS-Specific
Architecture Not Architecture-Specific
Technology System on Chip
Technology Memory Hardware
Technology Storage Hardware

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-400 Uncontrolled Resource Consumption Class Simple Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-212 Functionality Misuse CWE-1246

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date