Category: Memory and Storage Issues
Draft
Summary
Weaknesses in this category are typically associated with memory (e.g., DRAM, SRAM) and storage technologies (e.g., NAND Flash, OTP, EEPROM, and eMMC).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1246 | Improper Write Handling in Limited-write Non-Volatile Memories | The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories. |
| CWE-1251 | Mirrored Regions with Different Values | The product's architecture mirrors regions without ensuring that their contents always stay in sync. |
| CWE-1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions | Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region. |
| CWE-1282 | Assumed-Immutable Data is Stored in Writable Memory | Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field. |
| CWE-1420 | Exposure of Sensitive Information during Transient Execution | A processor event or prediction may allow incorrect operations (or correct operations with incorrect data) to execute transiently, potentially exposing data over a covert channel. |
| CWE-226 | Sensitive Information in Resource Not Removed Before Reuse | The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities. |
| CWE-1194 | Hardware Design | This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.