CWE-1246
Alerte pour un CWE
Improper Write Handling in Limited-write Non-Volatile Memories
Extended Description
Non-volatile memories such as NAND Flash, EEPROM, etc. have individually erasable segments, each of which can be put through a limited number of program/erase or write cycles. For example, the device can only endure a limited number of writes, after which the device becomes unreliable. In order to wear out the cells in a uniform manner, non-volatile memory and storage products based on the above-mentioned technologies implement a technique called wear leveling. Once a set threshold is reached, wear leveling maps writes of a logical block to a different physical block. This prevents a single physical block from prematurely failing due to a high concentration of writes. If wear leveling is improperly implemented, attackers may be able to programmatically cause the storage to become unreliable within a much shorter time than would normally be expected.
Informations
Modes Of Introduction
Architecture and DesignImplementation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)Operating Systems
Class: Not OS-Specific (Undetermined)Architectures
Class: Not Architecture-Specific (Undetermined)Technologies
Class: System on Chip (Undetermined)Name: Memory Hardware (Undetermined)
Name: Storage Hardware (Undetermined)
Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Availability | DoS: Instability |
Potential Mitigations
Phases : Architecture and Design // Implementation // TestingInclude secure wear leveling algorithms and ensure they may not be bypassed.
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Related Attack Patterns
| CAPEC-ID | Attack Pattern Name |
|---|---|
| CAPEC-212 | Functionality Misuse An adversary leverages a legitimate capability of an application in such a way as to achieve a negative technical impact. The system functionality is not altered or modified but used in a way that was not intended. This is often accomplished through the overuse of a specific functionality or by leveraging functionality with design flaws that enables the adversary to gain access to unauthorized, sensitive data. |
References
REF-1058
Enhancing Lifetime and Security of PCM-Based Main Memory with Start-Gap Wear LevelingMoinuddin Qureshi, Michele Franchescini, Vijayalakshmi Srinivasan, Luis Lastras, Bulent Abali, John Karidis.
https://researcher.watson.ibm.com/researcher/files/us-moinqureshi/papers-sgap.pdf
REF-1059
Bad Block Management in NAND Flash MemoryMicron.
https://www.micron.com/-/media/client/global/documents/products/technical-note/nand-flash/tn2959_bbm_in_nand_flash.pdf
Submission
| Name | Organization | Date | Date Release | Version |
|---|---|---|---|---|
| Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 4.0 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Potential_Mitigations, Research_Gaps | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Relationships, Research_Gaps | |
| CWE Content Team | MITRE | updated References, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Mapping_Notes |
