Lucene search

Intel Security CenterINTEL:INTEL-SA-00758

HistoryNov 14, 2023 - 12:00 a.m.

Intel® Optane™ SSD and Intel® Optane™ SSD DC Firmware Advisory

2023-11-1400:00:00

Intel Security Center

www.intel.com

intel optane ssd

ssd dc

security vulnerabilities

firmware updates

mitigation

coordinated disclosure

intel employees

privilege escalation

information disclosure

denial of service

vulnerability details

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

Summary:

Potential security vulnerabilities in some Intel® Optane™ SSD and some Intel® Optane™ SSD DC products may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2023-24587

Description: Insufficient control flow management in firmware for some Intel® Optane™ SSD products may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 6.9 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H

CVEID: CVE-2023-27519

Description: Improper input validation in firmware for some Intel® Optane™ SSD products may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.9 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

CVEID: CVE-2023-27879

Description: Improper access control in firmware for some Intel® Optane™ SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 6.8 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CVEID: CVE-2023-27306

Description: Improper Initialization in firmware for some Intel® Optane™ SSD products may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2023-24588

Description: Exposure of sensitive information to an unauthorized actor in firmware for some Intel® Optane™ SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 5.9 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Affected Products:

Product Family

Intel® Optane™ Memory H20 with Solid State Storage
Intel® Optane™ SSD 9 Series
Intel® Optane™ SSD DC P4800X Series
Intel® Optane™ SSD DC P4801X Series

Recommendation:

Intel recommends updating Intel® Optane™ SSD DC and Intel® Optane™ SSD Firmware to the latest version (see provided table).

Product Family - Mitigated versions

Intel® Optane™ Memory H20 with Solid State Storage - U4110553-G004
Intel® Optane™ SSD 9 Series - E2010650
Intel® Optane™ SSD DC P4800X Series - E2010650
Intel® Optane™ SSD DC P4801X Series - E2010650

Updates are available for download at this location:

Windows update tool:
Intel® Memory and Storage Tool (GUI)
Linux update tool:
Intel® Memory and Storage Tool CLI (Command-Line Interface)

Acknowledgements:

These issues were found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.