CVE-2021-33069

Vulnerability

An improper resource shutdown or release vulnerability exists in the firmware of certain Intel SSDs, including Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC [1]. The affected versions are listed in the Intel advisory INTEL-SA-00563 [1]. The vulnerability occurs when system resources are not properly released or cleaned up, leading to a potential resource exhaustion condition.

Exploitation

An attacker must have local access to the system and possess elevated (privileged) user rights [1]. The attacker can exploit the improper resource management by triggering a sequence of I/O operations that fail to release the resource, gradually depleting available resources until the device becomes unresponsive.

Impact

Successful exploitation allows the attacker to cause a denial of service condition on the affected SSD [1]. This can lead to system instability, data unavailability, or complete system hang until the device is reset or power-cycled. The impact is limited to availability; no data confidentiality or integrity compromise is described.

Mitigation

Intel has released firmware updates to address this vulnerability. The specific fixed versions are detailed in the Intel advisory INTEL-SA-00563 [1]. Users should apply the latest firmware update from their device manufacturer or from Intel as soon as possible. No workaround is available [1].