Improper Write Handling in Limited-write Non-Volatile Memories

Incomplete Base

Structure: Simple

Description

The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.

Extended Description

Non-volatile memories such as NAND Flash, EEPROM, etc. have individually erasable segments, each of which can be put through a limited number of program/erase or write cycles. For example, the device can only endure a limited number of writes, after which the device becomes unreliable. In order to wear out the cells in a uniform manner, non-volatile memory and storage products based on the above-mentioned technologies implement a technique called wear leveling. Once a set threshold is reached, wear leveling maps writes of a logical block to a different physical block. This prevents a single physical block from prematurely failing due to a high concentration of writes. If wear leveling is improperly implemented, attackers may be able to programmatically cause the storage to become unreliable within a much shorter time than would normally be expected.

Common Consequences 1

Scope: Availability

Impact: DoS: Instability

Potential Mitigations 1

Phase: Architecture and DesignImplementationTesting

Include secure wear leveling algorithms and ensure they may not be bypassed.

Effectiveness: High

Demonstrative Examples 1

An attacker can render a memory line unusable by repeatedly causing a write to the memory line.

Below is example code from [REF-1058] that the user can execute repeatedly to cause line failure. W is the maximum associativity of any cache in the system; S is the size of the largest cache in the system.

Code Example:

Attack

C++

// Do aligned alloc of (W+1) arrays each of size S while(1) {

c++

Without wear leveling, the above attack will be successful. Simple randomization of blocks will not suffice as instead of the original physical block, the randomized physical block will be worn out.

Code Example:Good
Other
other

References 2

Enhancing Lifetime and Security of PCM-Based Main Memory with Start-Gap Wear Leveling

Moinuddin Qureshi, Michele Franchescini, Vijayalakshmi Srinivasan, Luis Lastras, Bulent Abali, and John Karidis

https://www.seas.upenn.edu/~leebcc/teachdir/ece299_fall10/Qureshi09_pcmWear.pdf(2023-04-07)

ID: REF-1058

Bad Block Management in NAND Flash Memory

Micron

https://e2e.ti.com/cfs-file/__key/communityserver-discussions-components-files/791/tn2959_5F00_bbm_5F00_in_5F00_nand_5F00_flash.pdf(2025-07-29)

ID: REF-1059

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Technologies:

System on Chip : UndeterminedMemory Hardware : UndeterminedStorage Hardware : Undetermined

Modes of Introduction

Architecture and Design

Implementation

Related Attack Patterns

212
Improper Removal of Sensitive Information Before Storage or Transfer

Related Weaknesses

ChildOf:

Uncontrolled Resource Consumption (CWE-400)

Taxonomy Mapping

ISA/IEC 62443
ISA/IEC 62443
ISA/IEC 62443