Intel Memory Bug Poses Risk for Hundreds of Products

image
Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in “hundreds” of products. According to an advisory issued by the company on Tuesday, the bug is firmware-based and rated as “high” risk with a Common Vulnerability Scoring System (CVSS) score of 7. The vulnerability resides inside some of the Intel Optane SSD and Intel Optane Data Center (DC) products, the impact of which allows privilege escalation, denial of service (DoS), or information disclosure. Intel has released the firmware updates and prescriptive guidance for Optane SSD Bugs that first surfaced a year ago. Solid-state drives (SSD) are used for data storage. Intel optane memory is a system acceleration solution that is used to increase the response time to end-user requests, the Optane memory is installed between the processor and slower storage devices (SATA HDD, SSHD, SSD). The optane memory stores commonly used data and programs closer to the processor. The Intel Optane Data Center SSD is used to eliminate data center storage bottlenecks and provides storage for bigger and more affordable data sets, thus optimizing the overall performance. Vulnerability Details CVE-2021-33078 According to Intel, it has the CVSS base score of 7.9 and is described as a Race condition within a thread in Intel Optane SSD and Intel Optane SSD DC products. An attacker gaining privileged user access may perform a denial-of-service attack via local access. The race condition occurs when two thread tries…

Source