477 matches found
Authorization
Insufficient write protection in firmware for IntelR OptaneTM SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access...
CVE-2018-12166
Insufficient write protection in firmware for IntelR OptaneTM SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access...
Design/Logic Flaw
Firmware update routine in bootloader for IntelR OptaneTM SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access...
CVE-2018-3703
Improper directory permissions in the installer for the IntelR SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access...
CVE-2018-3703
Intel’s advisory for CVE-2018-3703 describes an elevation-of-privilege vulnerability in the Intel SSD Data Center Tool for Windows prior to v3.0.17 caused by improper directory permissions in the installer. The issue could let authenticated local users escalate privileges. A mitigation is to upda...
CVE-2018-12166
CVE-2018-12166 affects Intel® Optane™ SSD DC P4800X firmware prior to version E2010435. The issue is insufficient write protection that may allow a privileged local user to cause a denial of service. Intel’s advisory INTEL-SA-00175 confirms affected products and the recommended remediation: updat...
CVE-2018-12167
Intel Optane SSD DC P4800X firmware: CVE-2018-12167 involves the bootloader firmware update routine where a privileged local attacker could enable a denial of service. Affected pre-E2010435 revisions are vulnerable. Intel advisory INTEL-SA-00175 confirms the issue and provides remediation guidanc...
CVE-2018-12166
Insufficient write protection in firmware for IntelR OptaneTM SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access...
CVE-2018-12167
Firmware update routine in bootloader for IntelR OptaneTM SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access...
CVE-2018-3703
Improper directory permissions in the installer for the IntelR SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access...
Intel Patches High-Severity Privilege-Escalation Bugs
Intel on Tuesday patched three high-severity vulnerabilities that could allow the escalation of privileges across an array of products. Overall, the chip giant fixed five bugs – three rated high-severity, and two medium-severity. The most concerning of these bugs is an escalation-of-privilege...
Intel® Optane™ SSD DC P4800X Advisory
Summary: A potential security vulnerability in Intel® Optane™ SSD DC P4800X may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2018-12166 Description: Insufficient write protection in firmware for IntelR...
CVE-2018-18097
Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2018-12037
An issue was discovered on Samsung 840 EVO and 850 EVO devices only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode, Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows...
Code injection
An issue was discovered on Samsung 840 EVO and 850 EVO devices only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode, Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows...
CVE-2018-12037
An issue was discovered on Samsung 840 EVO and 850 EVO devices only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode, Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows...
CVE-2018-12037
CVE-2018-12037 affects self-encrypting drives (TCG Opal/ATA‑based) where there is no cryptographic binding between the user password and the Disk Encryption Key, enabling full data access by someone with privileged access to the drive controller in ATA High mode. Affected devices per the sources ...
CVE-2018-19279
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater...
Design/Logic Flaw
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater...
CVE-2018-19279
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater...