Potential security vulnerabilities in some Intel® Optane™ SSD and Intel® Optane™ SSD Data Center (DC) products may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware updates and prescriptive guidance to mitigate these potential vulnerabilities.
CVEID: CVE-2021-33078
Description: Race condition within a thread in firmware for some Intel® Optane™ SSD and Intel® SSD DC Products may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 7.9 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVEID: CVE-2021-33077
Description: Insufficient control flow management in firmware for some Intel® SSD, Intel® Optane™ SSD and Intel® SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVSS Base Score: 7.3 High
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CVEID: CVE-2021-33080
Description: Exposure of sensitive system information due to uncleared debug information in firmware for some Intel® SSD DC, Intel® Optane™ SSD and Intel® Optane™ SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access.
CVSS Base Score: 7.3 High
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CVEID: CVE-2021-33074
Description: Protection mechanism failure in firmware for some Intel® SSD, Intel® SSD DC and Intel® Optane™ SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVSS Base Score: 6.8 Medium
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CVEID: CVE-2021-33069
Description: Improper resource shutdown or release in firmware for some Intel® SSD, Intel® SSD DC, Intel® Optane™ SSD and Intel® Optane™ SSD DC may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CVEID: CVE-2021-33075
Description: Race condition in firmware for some Intel® Optane™ SSD, Intel® Optane™ SSD DC and Intel® SSD DC Products may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CVEID: CVE-2021-33083
Description: Improper authentication in firmware for some Intel® SSD, Intel® Optane™ SSD, Intel® Optane™ SSD DC and Intel® SSD DC Products may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CVEID: CVE-2021-33082
Description: Sensitive information in resource not removed before reuse in firmware for some Intel® SSD and Intel® Optane™ SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Effective December 29th, 2021, the following products continue being supported by Intel Corporation:
Intel® Optane™ SSD DC D4800X Series all versions.
Intel® Optane™ SSD DC P4800X/P4801X Series before version E2010600.
Intel® Optane™ SSD P5800X Series before version L3010200.
Intel® Optane™ SSD 905P/900P Series all versions.
Intel® Optane Memory H10 with Solid State Storage Series all versions.
Intel® Optane Memory H20 with Solid State Storage Series all versions.
For affected Intel® SSD or Intel® SSD DC NAND products, Intel recommends customers consult the security advisory published at <https://www.solidigmtechnology.com/en/support.html> or contact Solidigm™ technology at [email protected].
Product Family | Mitigated Version or higher
---|---
Intel® Optane™ SSD DC D4800X Series | Consult prescriptive guidance
Intel® Optane™ SSD DC P4800X/P4801X Series | E2010600
Intel® Optane™ SSD P5800X Series | L0310200
Intel® Optane™ Memory H20 with Solid State Storage | PGF028K; consult prescriptive guidance
Intel® Optane™ Memory H10 with Solid State Storage | TGF061K
Intel® Optane™ SSD 905P/900P Series | FW600
Prescriptive guidance for CVE-2021-33082: A possible workaround is to use one of the commands listed below instead of the Sanitize command with Block Erase operation:
Check the Identify Controller Data Structure below for the capabilities your drive supports in lieu of the sanitize erase feature:
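One way to carry out the Identify Controller check described above, as an added example that is not Intel's tooling: it decodes the erase-related capability fields (SANICAP, OACS, FNA) from a raw 4096-byte Identify Controller buffer. The field offsets and bit meanings are taken from the NVMe base specification, not from this advisory; the function names and the sample buffer are constructed for illustration, and the script reports only what a drive advertises, not which alternative Intel recommends.

```python
import struct

# Byte offsets in the Identify Controller data structure (NVMe base specification).
FR_OFF, OACS_OFF, SANICAP_OFF, FNA_OFF = 64, 256, 328, 524


def erase_capabilities(id_ctrl: bytes) -> dict:
    """Decode erase-related capability bits from raw Identify Controller data."""
    if len(id_ctrl) != 4096:
        raise ValueError("Identify Controller data must be exactly 4096 bytes")
    (oacs,) = struct.unpack_from("<H", id_ctrl, OACS_OFF)
    (sanicap,) = struct.unpack_from("<I", id_ctrl, SANICAP_OFF)
    fna = id_ctrl[FNA_OFF]
    format_nvm = bool(oacs & 0x2)  # OACS bit 1: Format NVM command supported
    return {
        "firmware": id_ctrl[FR_OFF:FR_OFF + 8].decode("ascii", "replace").strip(" \x00"),
        "sanitize_crypto_erase": bool(sanicap & 0x1),  # SANICAP bit 0
        "sanitize_block_erase": bool(sanicap & 0x2),   # SANICAP bit 1
        "sanitize_overwrite": bool(sanicap & 0x4),     # SANICAP bit 2
        "format_nvm": format_nvm,
        # FNA bit 2 only matters if the Format NVM command itself is supported.
        "format_crypto_erase": format_nvm and bool(fna & 0x4),
    }


def alternatives_to_block_erase(caps: dict) -> list:
    """Erase mechanisms the drive advertises other than Sanitize with Block Erase."""
    names = ["sanitize_crypto_erase", "sanitize_overwrite",
             "format_nvm", "format_crypto_erase"]
    return [n for n in names if caps[n]]


def build_sample(fr: str, oacs: int, sanicap: int, fna: int) -> bytes:
    """Constructed Identify Controller buffer for offline testing (not real drive data)."""
    buf = bytearray(4096)
    buf[FR_OFF:FR_OFF + 8] = fr.ljust(8).encode("ascii")
    struct.pack_into("<H", buf, OACS_OFF, oacs)
    struct.pack_into("<I", buf, SANICAP_OFF, sanicap)
    buf[FNA_OFF] = fna
    return bytes(buf)


if __name__ == "__main__":
    # Constructed sample: Format NVM supported, Sanitize crypto + block erase advertised.
    caps = erase_capabilities(build_sample("TESTFW01", 0x0002, 0x3, 0x04))
    print("firmware revision:", caps["firmware"])
    print("block erase advertised:", caps["sanitize_block_erase"])
    print("alternatives:", alternatives_to_block_erase(caps))
```

On a real system the input would be the raw Identify Controller data saved to a file, for example with nvme-cli's `nvme id-ctrl --raw-binary`.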
Updates are available for download at this location: <https://www.intel.com/content/www/us/en/support/products/35125/memory-and-storage.html#support-product-selector>
These issues were found internally by Intel.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.