A potential security vulnerability in the Intel® Storage NVMe and Rapid Storage Technology (RSTe) driver packs may allow escalation of privilege.
CVEID: CVE-2018-12131
Description: Permissions in the driver pack installers for Intel® NVMe before version 4.0.0.1007 and Intel® RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access.
CVSS Base Score: 5.0 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Intel® Client NVMe Versions 4.0.0.1006 and before.
Datacenter NVMe Versions 4.0.0.1006 and before.
Intel® RSTe before version 4.7.0.2083.
Intel recommends that users of Intel® NVMe and Intel® RSTe drivers update to the following versions, or later:
Intel® RSTe v4.7.0.2083 please contact your Intel Field Application Engineer.
NVMe v4.0.0.1007 download from: <https://downloadcenter.intel.com/product/79678/Intel-SSD-750-Series>
Intel would like to thank Marius Gabriel Mihai for reporting this issue and working with us on coordinated disclosure.