1. Home
  2. CWE Database
  3. CWE-1330
Variant · Low-Medium

CWE-1330: Remanent Data Readable after Memory Erase

Confidential information stored in memory circuits is readable or recoverable after being cleared or erased.

CWE-1330 · Variant Level ·1 CVEs ·1 Mitigations

Description

Confidential information stored in memory circuits is readable or recoverable after being cleared or erased.

Data remanence occurs when stored, memory content is not fully lost after a memory-clear or -erase operation. Confidential memory contents can still be readable through data remanence in the hardware. Data remanence can occur because of performance optimization or memory organization during 'clear' or 'erase' operations, like a design that allows the memory-organization metadata (e.g., file pointers) to be erased without erasing the actual memory content. To protect against this weakness, memory devices will often support different commands for optimized memory erase and explicit secure erase. Data remanence can also happen because of the physical properties of memory circuits in use. For example, static, random-access-memory (SRAM) and dynamic, random-access-memory (DRAM) data retention is based on the charge retained in the memory cell, which depends on factors such as power supply, refresh rates, and temperature. Other than explicit erase commands, self-encrypting, secure-memory devices can also support secure erase through cryptographic erase commands. In such designs, only the decryption keys for encrypted data stored on the device are erased. That is, the stored data are always remnant in the media after a cryptographic erase. However, only the encrypted data can be extracted. Thus, protection against data recovery in such designs relies on the strength of the encryption algorithm.

Potential Impact

Confidentiality

Modify Memory, Read Memory

Demonstrative Examples

Consider a device that uses flash memory for non-volatile-data storage. To optimize flash-access performance or reliable-flash lifetime, the device might limit the number of flash writes/erases by maintaining some state in internal SRAM and only committing changes to flash memory periodically.
The device also supports user reset to factory defaults with the expectation that all personal information is erased from the device after this operation. On factory reset, user files are erased using explicit, erase commands supported by the flash device.
In the given, system design, the flash-file system can support performance-optimized erase such that only the file metadata are erased and not the content. If this optimized erase is used for files containing user data during factory-reset flow, then device, flash memory can contain remanent data from these files.
On device-factory reset, the implementation might not erase these copies, since the file organization has changed and the flash file system does not have the metadata to track all previous copies.
A flash-memory region that is used by a flash-file system should be fully erased as part of the factory-reset flow. This should include secure-erase flow for the flash media such as overwriting patterns multiple times followed by erase.

Mitigations & Prevention

Architecture and Design

Detection Methods

  • Architecture or Design Review
  • Dynamic Analysis with Manual Results Interpretation

Real-World CVE Examples

CVE IDDescription
CVE-2019-8575Firmware Data Deletion Vulnerability in which a base station factory reset might not delete all user information. The impact of this enables a new owner of a used device that has been "factory-default

CWE-1301: Insufficient or Incomplete Data Removal within Hardware Component

The product's data removal process does not completely delete all data and potentially sensitive information within hard...

Frequently Asked Questions

What is CWE-1330?

CWE-1330 (Remanent Data Readable after Memory Erase) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. Confidential information stored in memory circuits is readable or recoverable after being cleared or erased.

How can CWE-1330 be exploited?

Attackers can exploit CWE-1330 (Remanent Data Readable after Memory Erase) to modify memory, read memory. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-1330?

Key mitigations include:

What is the severity of CWE-1330?

CWE-1330 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 1 real-world CVEs.