Category: Memory and Storage Issues
Draft
Summary
Weaknesses in this category are typically associated with memory (e.g., DRAM, SRAM) and storage technologies (e.g., NAND Flash, OTP, EEPROM, and eMMC).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1246 | Improper Write Handling in Limited-write Non-Volatile Memories | This vulnerability occurs when a system fails to properly manage write operations on memory hardware that has a limited lifespan, such as Flash or EEPROM. Without correct wear leveling, specific memory cells wear out faster than intended, leading to premature device failure. |
| CWE-1251 | Mirrored Regions with Different Values | This vulnerability occurs when a system maintains duplicate copies of data or resources (like cached memory or shadow registers) but fails to keep them synchronized. When mirrored regions hold different values, it can lead to incorrect system behavior, data corruption, or security breaches. |
| CWE-1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | This vulnerability occurs when a hardware design maps the same physical memory to multiple addresses (aliasing or mirroring) but fails to apply consistent read/write permissions across all these addresses. An attacker blocked from accessing a protected memory region might still reach the same data through its unprotected aliased address, bypassing security controls. |
| CWE-1282 | Assumed-Immutable Data is Stored in Writable Memory | This vulnerability occurs when data that should be permanent and unchangeable—like a bootloader, device IDs, or one-time configuration settings—is placed in memory that can be rewritten or updated after deployment. |
| CWE-1420 | Exposure of Sensitive Information during Transient Execution | Transient execution vulnerabilities occur when a processor speculatively runs operations that don't officially commit, potentially leaking sensitive data through covert side channels like cache timing. |
| CWE-226 | Sensitive Information in Resource Not Removed Before Reuse | This vulnerability occurs when a system releases a resource like memory or a file for reuse but fails to erase the sensitive data it previously contained. The old information remains accessible when the resource is allocated to a new process or used in a different context. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.