Intel has pushed out fixes for Optane SSD bugs that first emerged a year ago.
While rated as “high” rather than “critical”, with Common Vulnerability Scoring System ratings over 7, the bugs will have knock-on impacts on any servers using the affected Optane SSD and Optane SSD Data Center firmware.
There are three Common Vulnerabilities and Exposures (CVE) numbers rated high.
CVE-2021-33078 is a race condition in a firmware thread, giving a privileged user a vector for denial-of-service.
In CVE-2021-33077, a flow control management bug could be exploited by an unauthenticated local user to escalate their privilege.
And in CVE-2021-33080, an unauthenticated local user could gain sensitive information or escalation of privilege, because of uncleared debug information in the firmware.
Affected and supported products include all versions of Optane SSD DC D4800X; SSD DC P4800X and P4801X before version E2010600; SSD P5800X Series before version L3010200; all versions of SSD 905P/900P; and all versions of Optane Memory H10 and H20 with solid state storage.