Intel® SSD Advisory

Summary:

Potential security vulnerabilities in multiple Intel® Solid State Drive (SSD) products may allow information disclosure.** **Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVE ID: CVE-2020-12309

Description: Insufficiently protected credentials in subsystem in some Intel® Client SSDs and some Intel® Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CVE ID: CVE-2020-12310

Description: Insufficient control flow management in firmware in some Intel® Client SSDs and some Intel® Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CVE ID: CVE-2020-12311

Description: Insufficient control flow management in firmware in some Intel® Client SSDs and some Intel® Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

CVEID: CVE-2020-0584

Description: Buffer overflow in firmware for Intel® SSD DC P4800X and P4801X Series, Intel® Optane™ SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access.

CVSS Base Score: 6.2 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

Intel® SSD Pro 6000p Series

Intel® SSD Pro 5450s

Intel® SSD E 5100s Series

Intel® SSD Pro 5400s Series

Intel® SSD Pro 7600p Series

Intel® SSD 760p Series

Intel® SSD E 6100p Series

Intel® SSD 660p Series

Intel® Optane™ SSD 905P Series

Intel® Optane™ SSD 900P Series

Intel® SSD DC P4510 Series

Intel® SSD DC P4610 Series

Intel® SSD DC P4800X Series

Intel® SSD DC P4801X Series

Intel® SSD DC P4101 Series

Recommendations:

Intel recommends updating Intel® SSD products to the latest firmware version or higher (see table).

Client Product Names

|

Mitigated firmware version

—|—

Intel® SSD Pro 6000p Series

|

PSF131P

Intel® SSD Pro 5450s

|

LHF005P/LHF0B3P(2TB)

Intel® SSD E 5100s Series

|

LHF004E/LHF0AE3(64GB)

Intel® SSD Pro 5400s Series

|

LBF017P/LSF043P

Intel® SSD Pro 7600p Series

|

FW: 005P

Intel® SSD 760p Series

|

FW: 005C

Intel SSD E 6100p Series

|

FW: 005E

Intel® SSD 660p Series

|

FW: 004C

Intel® Optane™ SSD 905P Series

|

E2010480

Intel® Optane™ SSD 900P Series

|

E2010480

Datacenter Product Names

|

Mitigated firmware version

—|—

Intel® SSD DC P4510 Series OPAL U.2 only

|

VDV10170

Intel® SSD DC P4610 Series OPAL

|

VDV10170

Intel® SSD DC P4800X Series

|

E2010485

Intel® DC P4801X Series

|

E2010485

Intel® SSD DC P4101 Series

|

008D

Updates are available for download at this location:

<https://downloadcenter.intel.com/download/29820/Intel-Memory-and-Storage-Tool-GUI&gt;

Acknowledgements:

These issues were found internally by Intel.****

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.