Intel® NVMe and Intel® RSTe Driver Pack Advisory

Summary:

A potential security vulnerability in the Intel® Storage NVMe and Rapid Storage Technology (RSTe) driver packs may allow escalation of privilege.

Vulnerability Details:

CVEID: CVE-2018-12131

Description: Permissions in the driver pack installers for Intel® NVMe before version 4.0.0.1007 and Intel® RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access.

CVSS Base Score: 5.0 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Affected Products:

Intel® Client NVMe Versions 4.0.0.1006 and before.

Datacenter NVMe Versions 4.0.0.1006 and before.

Intel® RSTe before version 4.7.0.2083.

Recommendations:

Intel recommends that users of Intel® NVMe and Intel® RSTe drivers update to the following versions, or later:

Intel® RSTe v4.7.0.2083 please contact your Intel Field Application Engineer.

NVMe v4.0.0.1007 download from: <https://downloadcenter.intel.com/product/79678/Intel-SSD-750-Series&gt;

Acknowledgements:

Intel would like to thank Marius Gabriel Mihai for reporting this issue and working with us on coordinated disclosure.