Dell and HP were being among the initial to launch patches and fixes for the bug.
Chipmaker Intel is reporting a memory bug impacting microprocessor firmware made use of in “hundreds” of items. According to an advisory issued by the company on Tuesday, the bug is firmware-centered and rated as “high” risk with a Prevalent Vulnerability Scoring Technique (CVSS) rating of 7.
The vulnerability resides inside of some of the Intel Optane SSD and Intel Optane Facts Centre (DC) products, the influence of which lets privilege escalation, denial of provider (DoS), or information and facts disclosure.
“Potential security vulnerabilities in some Intel Optane SSD and Intel Optane SSD Knowledge Middle products and solutions may well allow for escalation of privilege, denial of assistance or data disclosure,” described Intel.
Intel has released the firmware updates and prescriptive direction for Optane SSD Bugs that first surfaced a 12 months in the past.
Solid-condition drives (SSD) are used for information storage. Intel optane memory is a procedure acceleration alternative that is utilized to maximize the response time to finish-person requests, the Optane memory is set up involving the processor and slower storage equipment (SATA HDD, SSHD, SSD). The optane memory suppliers normally applied data and systems closer to the processor.
The Intel Optane Info Middle SSD is employed to get rid of details centre storage bottlenecks and offers storage for greater and much more inexpensive data sets, hence optimizing the over-all efficiency.
Vulnerability Details
CVE-2021-33078
According to Intel, it has the CVSS foundation score of 7.9 and is described as a Race affliction within just a thread in Intel Optane SSD and Intel Optane SSD DC products and solutions. An attacker gaining privileged consumer accessibility could execute a denial-of-assistance attack by way of nearby obtain.
The race problem occurs when two thread tries to access a shared variable at the similar time.
CVE-2021-33077
This vulnerability is described as inadequate control circulation management in firmware for Intel SSD and Intel SSD DC products and solutions. An unauthenticated user may well leverage this vulnerability to perform privilege escalation by using physical entry.
It has a CVSS base rating of 7.3
CVE-2021-33080
An attacker can perform info disclosure or privilege escalation by using bodily accessibility on Intel SSD DC, Intel Optane SSD, and Intel Optane SSD DC products and solutions. The vulnerability is triggered due to the fact of the publicity of delicate facts thanks to unclear debug information in firmware.
It has a CVSS base score of 7.3
Intel also disclosed five additional vulnerabilities which are rated as medium. List of which is presented below:
- CVE-2021-33074
- CVE-2021-33069
- CVE-2021-33075
- CVE-2021-33083
- CVE-2021-33082
Influenced Products and solutions
Intel has launched a checklist of its products and solutions that are influenced by these vulnerabilities.
The influenced products and solutions incorporate all versions of Intel Optane SSD DC D4800X and P4800X/P4801X Sequence like the preceding version E2010600. The Intel Optane SSD P5800X Collection prior to edition L3010200 as effectively as 905P/900P Series all variations are influenced.
The afflicted products also include things like Intel optane memory H10 and H20 with Solid Point out Storage Sequence for all variations.
The buyer with influenced Intel SSD or Intel SSD DC NAND goods should really seek advice from the security advisory or contact Solidigm.
Suggestions and Updates
Updates were being produced by Intel and can be downloaded below, the advisory issued by Intel also includes a feasible workaround for CVE-2021-33082.
Some parts of this article are sourced from:
threatpost.com