CWE-1246 Base Incomplet

Improper Write Handling in Limited-write Non-Volatile Memories

This vulnerability occurs when a system fails to properly manage write operations on memory hardware that has a limited lifespan, such as Flash or EEPROM. Without correct wear leveling, specific…

Définition

What is CWE-1246?

This vulnerability occurs when a system fails to properly manage write operations on memory hardware that has a limited lifespan, such as Flash or EEPROM. Without correct wear leveling, specific memory cells wear out faster than intended, leading to premature device failure.
Many non-volatile memory chips, like NAND Flash and EEPROM, have a fundamental physical limitation: each memory cell can only be written to or erased a finite number of times. To maximize the overall lifespan of the storage device, a technique called wear leveling is essential. It works by dynamically mapping the system's logical write requests across different physical memory blocks, ensuring that write cycles are distributed evenly instead of repeatedly hitting the same cells. If wear leveling is missing or implemented incorrectly, it creates a critical weakness. An attacker can exploit this by deliberately targeting the same logical addresses with frequent write operations. This causes the underlying physical cells to wear out rapidly, potentially bricking the storage device or making data unreliable far sooner than its rated endurance, which constitutes a denial-of-service attack against the hardware itself.
Impact réel

Real-world CVEs caused by CWE-1246

Aucune référence CVE publique n'est liée à ce CWE dans le catalogue MITRE pour le moment.

Comment les attaquants l'exploitent

Parcours de l'attaquant étape par étape

  1. 1

    An attacker can render a memory line unusable by repeatedly causing a write to the memory line.

  2. 2

    Below is example code from [REF-1058] that the user can execute repeatedly to cause line failure. W is the maximum associativity of any cache in the system; S is the size of the largest cache in the system.

  3. 3

    Without wear leveling, the above attack will be successful. Simple randomization of blocks will not suffice as instead of the original physical block, the randomized physical block will be worn out.

Exemple de code vulnérable

Vulnerable C++

Below is example code from [REF-1058] that the user can execute repeatedly to cause line failure. W is the maximum associativity of any cache in the system; S is the size of the largest cache in the system.

Vulnérable C++ 
// Do aligned alloc of (W+1) arrays each of size S
 while(1) {

```
   for (ii = 0; ii < W + 1; ii++)
  	 array[ii].element[0]++;
 }
Charge utile de l'attaquant

Below is example code from [REF-1058] that the user can execute repeatedly to cause line failure. W is the maximum associativity of any cache in the system; S is the size of the largest cache in the system.

Charge utile de l'attaquant C++ 
// Do aligned alloc of (W+1) arrays each of size S
 while(1) {

```
   for (ii = 0; ii < W + 1; ii++)
  	 array[ii].element[0]++;
 }
Exemple de code sécurisé

Secure Other

Without wear leveling, the above attack will be successful. Simple randomization of blocks will not suffice as instead of the original physical block, the randomized physical block will be worn out.

Sécurisé Other 
Wear leveling must be used to even out writes to the device.
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Liste de contrôle de prévention

How to prevent CWE-1246

  • Architecture and Design / Implementation / Testing Include secure wear leveling algorithms and ensure they may not be bypassed.
Signaux de détection

How to detect CWE-1246

SAST High

Exécuter une analyse statique (SAST) sur le code source à la recherche du motif non sécurisé dans le flux de données.

DAST Moderate

Exécuter des tests de sécurité applicative dynamique (DAST) contre le point de terminaison en ligne.

Runtime Moderate

Surveiller les journaux runtime pour détecter des traces d'exception inhabituelles, des entrées malformées ou des tentatives de contournement d'autorisation.

Code review Moderate

Revue de code : signaler tout nouveau code qui traite les entrées de cette surface sans utiliser les helpers du framework validés.

Correction automatique Plexicus

Plexicus détecte automatiquement CWE-1246 et ouvre une PR de correction en moins de 60 secondes.

Codex Remedium analyse chaque commit, identifie cette faiblesse précise et livre une pull request prête à être relue avec le correctif. Pas de tickets. Pas de transferts.

Obtenir une démo Essayer Plexicus gratuitement
Questions fréquentes

Frequently asked questions

Qu'est-ce que CWE-1246 ?

This vulnerability occurs when a system fails to properly manage write operations on memory hardware that has a limited lifespan, such as Flash or EEPROM. Without correct wear leveling, specific memory cells wear out faster than intended, leading to premature device failure.

Quelle est la gravité de CWE-1246 ?

MITRE n'a pas publié de note de probabilité d'exploitation pour cette faiblesse. Traitez-la comme un impact moyen jusqu'à ce que votre modèle de menace prouve le contraire.

Quels langages ou plateformes sont affectés par CWE-1246 ?

MITRE lists the following affected platforms: Not OS-Specific, Not Architecture-Specific, System on Chip, Memory Hardware, Storage Hardware.

Comment puis-je prévenir CWE-1246 ?

Include secure wear leveling algorithms and ensure they may not be bypassed.

Comment Plexicus détecte et corrige CWE-1246 ?

Le moteur SAST de Plexicus reconnaît la signature de flux de données de CWE-1246 à chaque commit. Lorsqu'une correspondance est trouvée, notre agent Codex Remedium ouvre une PR de correction avec le code corrigé, les tests et un résumé d'une ligne pour le relecteur.

Où puis-je en savoir plus sur CWE-1246 ?

MITRE publie la définition canonique à https://cwe.mitre.org/data/definitions/1246.html. Vous pouvez également consulter la documentation OWASP et NIST pour des conseils adjacents.

Faiblesses associées

Weaknesses related to CWE-1246

CWE-400 Parent

Uncontrolled Resource Consumption

This vulnerability occurs when an application fails to properly manage a finite resource, allowing an attacker to exhaust it and cause a…

CWE-1235 Frère

Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations

This weakness occurs when a program relies on automatic boxing and unboxing of primitive types within performance-sensitive code sections,…

CWE-405 Frère

Asymmetric Resource Consumption (Amplification)

This vulnerability occurs when a system allows an attacker to trigger a disproportionate amount of resource consumption—like CPU, memory,…

CWE-770 Frère

Allocation of Resources Without Limits or Throttling

This vulnerability occurs when a system allows users or processes to request resources without any built-in caps or rate limits. Think of…

CWE-771 Frère

Missing Reference to Active Allocated Resource

This vulnerability occurs when software loses track of a resource it has allocated, like memory or a file handle, preventing the system…

CWE-779 Frère

Logging of Excessive Data

This vulnerability occurs when an application records more information than necessary in its logs, making log files difficult to analyze…

CWE-920 Frère

Improper Restriction of Power Consumption

This vulnerability occurs when software running on a power-constrained device, like a battery-powered mobile or embedded system, fails to…

Ressources

Further reading

Prêt quand vous l'êtes

Arrêtez de payer par développeur.
Commencez à fermer la boucle.

Plexicus est l'ASPM natif IA qui scanne, filtre, corrige, penteste et explique — de façon autonome. Développeurs illimités, dépôts illimités, actions IA à usage équitable. Vrai niveau gratuit, €269/mo annuel quand vous êtes prêt.

Commencer gratuitement Réserver une démo