SB2023112212 - Multiple vulnerabilities in Intel Optane SSD firmware

Security Bulletin ID SB2023112212

Severity

Low

Patch available

YES

Number of vulnerabilities 5

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Insufficient Control Flow Management (CVE-ID: CVE-2023-24587)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient control flow management. A local user can perform a denial of service (DoS) attack.

2) Input validation error (CVE-ID: CVE-2023-27519)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can execute arbitrary code with elevated privileges.

3) Improper access control (CVE-ID: CVE-2023-27879)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to improper access restrictions. An attacker with physical access to the system can obtain potentially sensitive information.

4) Improper Initialization (CVE-ID: CVE-2023-27306)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization. A local user can run a specially crafted application to perform a denial of service (DoS) attack.

5) Information disclosure (CVE-ID: CVE-2023-24588)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output. An attacker with physical access to the system gain unauthorized access to sensitive information.

Remediation

Install update from vendor's website.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html