Intel Memory Bug Poses Risk for Hundreds of Products

Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in “hundreds” of goods. According to an advisory issued by the business on Tuesday, the bug is firmware-centered and rated as “high” risk with a Prevalent Vulnerability Scoring Technique (CVSS) rating of  7.

The vulnerability resides inside some of the Intel Optane SSD and Intel Optane Facts Heart (DC) merchandise, the affect of which permits privilege escalation, denial of services (DoS), or information and facts disclosure.

“Potential security vulnerabilities in some Intel Optane SSD and Intel Optane SSD Facts Centre goods may perhaps let escalation of privilege, denial of services or facts disclosure,” claimed Intel.

Intel has launched the firmware updates and prescriptive guidance for Optane SSD Bugs that initially surfaced a yr back.

Sound-state drives (SSD) are used for information storage. Intel optane memory is a program acceleration alternative that is used to raise the response time to stop-consumer requests, the Optane memory is put in between the processor and slower storage gadgets (SATA HDD, SSHD, SSD). The optane memory stores generally applied facts and systems closer to the processor.

The Intel Optane Facts Centre SSD is applied to reduce information middle storage bottlenecks and supplies storage for even bigger and extra reasonably priced knowledge sets, so optimizing the over-all overall performance.

Vulnerability Details 

CVE-2021-33078

According to Intel, it has the CVSS base score of 7.9 and is explained as a Race condition inside a thread in Intel Optane SSD and Intel Optane SSD DC goods. An attacker getting privileged user accessibility may perform a denial-of-provider attack by way of area access.

The race problem takes place when two thread tries to access a shared variable at the exact same time.

CVE-2021-33077

This vulnerability is explained as inadequate command stream management in firmware for Intel SSD and Intel SSD DC merchandise. An unauthenticated consumer could possibly leverage this vulnerability to conduct privilege escalation via bodily obtain.

It has a CVSS base score of 7.3

CVE-2021-33080

An attacker can complete info disclosure or privilege escalation by means of actual physical access on Intel SSD DC, Intel Optane SSD, and Intel Optane SSD DC goods. The vulnerability is prompted simply because of the publicity of sensitive facts thanks to unclear debug data in firmware.

It has a CVSS foundation score of 7.3

Intel also unveiled five extra vulnerabilities which are rated as medium. Checklist of which is presented below:

• CVE-2021-33074
•  CVE-2021-33069
•  CVE-2021-33075
• CVE-2021-33083
• CVE-2021-33082

Influenced Merchandise

Intel has unveiled a checklist of its solutions that are influenced by these vulnerabilities.

The afflicted items include all variations of Intel Optane SSD DC D4800X and P4800X/P4801X Series which include the past version E2010600. The Intel Optane SSD  P5800X Sequence right before version L3010200 as well as 905P/900P Collection all variations are afflicted.

The afflicted products also involve Intel optane memory H10 and H20 with Solid Point out Storage Sequence for all variations.

The client with afflicted Intel SSD or Intel SSD DC NAND products and solutions ought to consult the security advisory or speak to Solidigm.

Suggestions and Updates

Updates had been released by Intel and can be downloaded in this article, the advisory issued by Intel also contains a achievable workaround for CVE-2021-33082.