A potential security vulnerability in some Intel® Optane™ Persistent Memory (PMem) may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability.
CVEID: CVE-2021-0083
Description: Improper input validation in some Intel® Optane™ PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H****
Intel® Optane™ PMem with firmware before versions 1.2.0.5446 or 2.2.0.1547.
Processor
|
Mitigated version or higher
—|—
3rd Generation Intel® Xeon® Scalable Processor
|
Intel® Optane™ Pmem 200 Series
2.2.0.1547
2nd Generation Intel® Xeon® Scalable Processor
Intel® Xeon® W Processor 3200 Series
|
Intel® Optane™ Pmem 100 Series
1.2.0.5446
Intel recommends that users of Intel® Optane™ PMem update to versions 1.2.0.5446 or 2.2.0.1547 or later provided by the system manufacturer that addresses these issues.
This issue was found internally by Intel. Intel would like to thank Paul Leung, Jaroslaw Poswiata, Michael Pham, Stephen Thompson and Wojciech Pasternak.****
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.