Support Center > 详细页 > 安全公告详细
Support Center > Security Bulletins History > Security Advisory

Security Advisory - Intel SSD Vulnerabilities

  • SA No KAYTUS-SA-20220708-001
  • Initial Release Date 2022-07-08 16:30:55
  • last Release Date 2024-10-31 17:43:08
  • Source Intel Security Advisory
  • Potential Security Impact Local: Disclosure of Information or Escalation of privilege or DOS
Vulnerability Summary

Potential security vulnerabilities in some Intel Optane SSD and Intel Optane SSD Data Center (DC) products may allow escalation of privilege, denial of service or information disclosure.
CVE-2021-33078
Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.
CVE-2021-33077
Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2021-33080
Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access.
CVE-2021-33074
Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVE-2021-33069
Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denial of service via local access.
CVE-2021-33075
Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.
CVE-2021-33083
Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow an privileged user to potentially enable information disclosure via local access.
CVE-2021-33082
Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.

Vulnerability Scoring Details
CVE V3.1 Vector(Base) Base Score V3.1 Vector(Temporal Score) Temporal Score
CVE-2021-33078 AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H 7.9 E:P/RL:O/RC:C 6.9
CVE-2021-33077 AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 7.3 E:P/RL:O/RC:C 6.5
CVE-2021-33080 AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 7.3 E:P/RL:O/RC:C 6.5
CVE-2021-33074 AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 6.8 E:P/RL:O/RC:C 6.1
CVE-2021-33069 AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 6.0 E:P/RL:O/RC:C 5.4
CVE-2021-33075 AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 6.0 E:P/RL:O/RC:C 5.4
CVE-2021-33083 AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 6.0 E:P/RL:O/RC:C 5.4
CVE-2021-33082 AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 5.3 E:P/RL:O/RC:C 4.8

Fixed Product Version
Product FW UpdateVersion

NF5266M5
NF5280M5
NF8480M5		 SSDPED1K375GA
SSDPED1K750GA
SSDPED1K015TA
SSDPE21K015TA
SSDPE21K750GA
SSDPE21K375GA

NF5280M6		 SSDPF21Q016TB
SSDPF21Q800GB
SSDPF21Q400GB

Resolution

Please contact the Support Center directly to get the patch and relevant technical support.

Revision History

2022-07-08 V1.0 INITIAL

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html

Support

For issues about implementing the recommendations of this Security Bulletin, contact normal KAYTUS Services Support channel. For other issues about the content of this Security Bulletin, send e-mail to sec@kaytus.com.

Report

To report a potential security vulnerability for KAYTUS product: Reporting a Security Vulnerability

Declaration

KAYTUS shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, KAYTUS disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement. In no event shall KAYTUS or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. KAYTUS is entitled to amend or update this document from time to time.