CWE-1246: Improper Write Handling in Limited-write Non-Volatile Memories

The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

Non-volatile memories such as NAND Flash, EEPROM, etc. have individually erasable segments, each of which can be put through a limited number of program/erase or write cycles. For example, the device can only endure a limited number of writes, after which the device becomes unreliable. In order to wear out the cells in a uniform manner, non-volatile memory and storage products based on the above-mentioned technologies implement a technique called wear leveling. Once a set threshold is reached, wear leveling maps writes of a logical block to a different physical block. This prevents a single physical block from prematurely failing due to a high concentration of writes.

CWE-1246: Improper Write Handling in Limited-write Non-Volatile Memories

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-1246?

What CVEs are caused by CWE-1246?

How do you prevent CWE-1246?

What are the consequences of CWE-1246?

Is CWE-1246 actively exploited?

References

Stay ahead of CWE-1246

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-1246?

What CVEs are caused by CWE-1246?

How do you prevent CWE-1246?

What are the consequences of CWE-1246?

Is CWE-1246 actively exploited?

References

Stay ahead of CWE-1246