Dell and HP have been among the to start with to launch patches and fixes for the bug.
Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in “hundreds” of goods. According to an advisory issued by the business on Tuesday, the bug is firmware-centered and rated as “high” risk with a Prevalent Vulnerability Scoring Technique (CVSS) rating of 7.
The vulnerability resides inside some of the Intel Optane SSD and Intel Optane Facts Heart (DC) merchandise, the affect of which permits privilege escalation, denial of services (DoS), or information and facts disclosure.
Protect yourself against all threads using Malwarebytes. Get Malwarebytes Premium with 60% discount from a Malwarebytes official seller SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“Potential security vulnerabilities in some Intel Optane SSD and Intel Optane SSD Facts Centre goods may perhaps let escalation of privilege, denial of services or facts disclosure,” claimed Intel.
Intel has launched the firmware updates and prescriptive guidance for Optane SSD Bugs that initially surfaced a yr back.
Sound-state drives (SSD) are used for information storage. Intel optane memory is a program acceleration alternative that is used to raise the response time to stop-consumer requests, the Optane memory is put in between the processor and slower storage gadgets (SATA HDD, SSHD, SSD). The optane memory stores generally applied facts and systems closer to the processor.
The Intel Optane Facts Centre SSD is applied to reduce information middle storage bottlenecks and supplies storage for even bigger and extra reasonably priced knowledge sets, so optimizing the over-all overall performance.
Vulnerability Details
CVE-2021-33078
According to Intel, it has the CVSS base score of 7.9 and is explained as a Race condition inside a thread in Intel Optane SSD and Intel Optane SSD DC goods. An attacker getting privileged user accessibility may perform a denial-of-provider attack by way of area access.
The race problem takes place when two thread tries to access a shared variable at the exact same time.
CVE-2021-33077
This vulnerability is explained as inadequate command stream management in firmware for Intel SSD and Intel SSD DC merchandise. An unauthenticated consumer could possibly leverage this vulnerability to conduct privilege escalation via bodily obtain.
It has a CVSS base score of 7.3
CVE-2021-33080
An attacker can complete info disclosure or privilege escalation by means of actual physical access on Intel SSD DC, Intel Optane SSD, and Intel Optane SSD DC goods. The vulnerability is prompted simply because of the publicity of sensitive facts thanks to unclear debug data in firmware.
It has a CVSS foundation score of 7.3
Intel also unveiled five extra vulnerabilities which are rated as medium. Checklist of which is presented below:
- CVE-2021-33074
- CVE-2021-33069
- CVE-2021-33075
- CVE-2021-33083
- CVE-2021-33082
Influenced Merchandise
Intel has unveiled a checklist of its solutions that are influenced by these vulnerabilities.
The afflicted items include all variations of Intel Optane SSD DC D4800X and P4800X/P4801X Series which include the past version E2010600. The Intel Optane SSD P5800X Sequence right before version L3010200 as well as 905P/900P Collection all variations are afflicted.
The afflicted products also involve Intel optane memory H10 and H20 with Solid Point out Storage Sequence for all variations.
The client with afflicted Intel SSD or Intel SSD DC NAND products and solutions ought to consult the security advisory or speak to Solidigm.
Suggestions and Updates
Updates had been released by Intel and can be downloaded in this article, the advisory issued by Intel also contains a achievable workaround for CVE-2021-33082.
Some elements of this short article are sourced from:
threatpost.com
Actively Exploited Zero-Day Bug Patched by Microsoft