Potential security vulnerabilities in multiple Intel® Solid State Drive (SSD) products may allow information disclosure.** **Intel is releasing firmware updates to mitigate these potential vulnerabilities.
CVE ID: CVE-2020-12309
Description: Insufficiently protected credentials in subsystem in some Intel® Client SSDs and some Intel® Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVSS Base Score: 7.3 High
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CVE ID: CVE-2020-12310
Description: Insufficient control flow management in firmware in some Intel® Client SSDs and some Intel® Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVSS Base Score: 6.8 Medium
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CVE ID: CVE-2020-12311
Description: Insufficient control flow management in firmware in some Intel® Client SSDs and some Intel® Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
CVEID: CVE-2020-0584
Description: Buffer overflow in firmware for Intel® SSD DC P4800X and P4801X Series, Intel® Optane™ SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access.
CVSS Base Score: 6.2 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Intel® SSD Pro 6000p Series
Intel® SSD Pro 5450s
Intel® SSD E 5100s Series
Intel® SSD Pro 5400s Series
Intel® SSD Pro 7600p Series
Intel® SSD 760p Series
Intel® SSD E 6100p Series
Intel® SSD 660p Series
Intel® Optane™ SSD 905P Series
Intel® Optane™ SSD 900P Series
Intel® SSD DC P4510 Series
Intel® SSD DC P4610 Series
Intel® SSD DC P4800X Series
Intel® SSD DC P4801X Series
Intel® SSD DC P4101 Series
Intel recommends updating Intel® SSD products to the latest firmware version or higher (see table).
Client Product Names
|
Mitigated firmware version
—|—
Intel® SSD Pro 6000p Series
|
PSF131P
Intel® SSD Pro 5450s
|
LHF005P/LHF0B3P(2TB)
Intel® SSD E 5100s Series
|
LHF004E/LHF0AE3(64GB)
Intel® SSD Pro 5400s Series
|
LBF017P/LSF043P
Intel® SSD Pro 7600p Series
|
FW: 005P
Intel® SSD 760p Series
|
FW: 005C
Intel SSD E 6100p Series
|
FW: 005E
Intel® SSD 660p Series
|
FW: 004C
Intel® Optane™ SSD 905P Series
|
E2010480
Intel® Optane™ SSD 900P Series
|
E2010480
Datacenter Product Names
|
Mitigated firmware version
—|—
Intel® SSD DC P4510 Series OPAL U.2 only
|
VDV10170
Intel® SSD DC P4610 Series OPAL
|
VDV10170
Intel® SSD DC P4800X Series
|
E2010485
Intel® DC P4801X Series
|
E2010485
Intel® SSD DC P4101 Series
|
008D
Updates are available for download at this location:
<https://downloadcenter.intel.com/download/29820/Intel-Memory-and-Storage-Tool-GUI>
These issues were found internally by Intel.****
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.