The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.
Non-volatile memories such as NAND Flash, EEPROM, etc. have individually erasable segments, each of which can be put through a limited number of program/erase or write cycles. For example, the device can only endure a limited number of writes, after which the device becomes unreliable. In order to wear out the cells in a uniform manner, non-volatile memory and storage products based on the above-mentioned technologies implement a technique called wear leveling. Once a set threshold is reached, wear leveling maps writes of a logical block to a different physical block. This prevents a single physical block from prematurely failing due to a high concentration of writes.
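The threshold-based remapping described above, as an added toy simulation that is not part of the MITRE entry or of any product's firmware. The geometry (`NBLOCKS`), the `THRESHOLD` value, the swap-with-least-worn policy and all function names are assumptions made for illustration; it compares the worst per-block wear when one logical block is written repeatedly with and without leveling.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NBLOCKS   8    /* physical blocks (constructed toy geometry) */
#define THRESHOLD 100  /* writes to one block before it is remapped (assumed) */

typedef struct {
    uint32_t wear[NBLOCKS];        /* program/erase count per physical block */
    uint8_t  l2p[NBLOCKS];         /* logical -> physical map */
    uint32_t since_remap[NBLOCKS]; /* writes since each logical block last moved */
    int      leveling;             /* 0 = fixed mapping, 1 = wear leveling */
} flash_t;

void flash_init(flash_t *f, int leveling) {
    memset(f, 0, sizeof *f);
    for (int i = 0; i < NBLOCKS; i++) f->l2p[i] = (uint8_t)i;
    f->leveling = leveling;
}

/* Swap the hot logical block onto the least-worn physical block (data copy not modelled). */
static void remap(flash_t *f, int hot) {
    int cold = hot;
    for (int l = 0; l < NBLOCKS; l++)
        if (f->wear[f->l2p[l]] < f->wear[f->l2p[cold]]) cold = l;
    uint8_t tmp = f->l2p[hot];
    f->l2p[hot] = f->l2p[cold];
    f->l2p[cold] = tmp;
    f->since_remap[hot] = 0;
}

void flash_write(flash_t *f, int logical) {
    f->wear[f->l2p[logical]]++;
    if (f->leveling && ++f->since_remap[logical] >= THRESHOLD) remap(f, logical);
}

/* Write one logical block n times; return the wear of the most-worn physical block. */
uint32_t hammer(int leveling, uint32_t n) {
    flash_t f;
    uint32_t max = 0;
    flash_init(&f, leveling);
    for (uint32_t i = 0; i < n; i++) flash_write(&f, 0);
    for (int i = 0; i < NBLOCKS; i++) if (f.wear[i] > max) max = f.wear[i];
    return max;
}

int main(void) {
    printf("max wear, fixed: %u, leveled: %u\n", (unsigned)hammer(0, 8000), (unsigned)hammer(1, 8000));
    return 0;
}
```

With a fixed mapping every write lands on the same physical block; with leveling the same workload is spread across all blocks, so the most-worn block sees one eighth of the writes in this geometry.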
2 recorded CVEs are caused by CWE-1246 (Improper Write Handling in Limited-write Non-Volatile Memories). The highest-severity and most recent are shown first.
What can happen when CWE-1246 is exploited.
DoS: Instability
Affects: Availability
If wear leveling is improperly implemented, attackers may be able to programmatically cause the storage to become unreliable within a much shorter time than would normally be expected.
Typically introduced during these phases of the software lifecycle.
Technologies
Practical mitigations for CWE-1246, grouped by where in the lifecycle they apply.
Include secure wear leveling algorithms and ensure they may not be bypassed.
Effectiveness: High
Illustrative examples from MITRE showing how the weakness appears in code.
An attacker can render a memory line unusable by repeatedly causing a write to the memory line.
Attack input
for (ii = 0; ii < W + 1; ii++)
Safe example
Wear leveling must be used to even out writes to the device.
CAPEC attack patterns that exploit this weakness.
Common questions about CWE-1246.
2 recorded CVEs are attributed to CWE-1246, including CVE-2024-36432, CVE-2023-32229.
Exploiting CWE-1246 can lead to: DoS: Instability.
2 recorded CVEs are caused by CWE-1246; none are currently in CISA's KEV catalog of actively exploited flaws.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.