CVE-2023-24588

Vulnerability

The firmware in some Intel(R) Optane(TM) SSD products contains an exposure of sensitive information to an unauthorized actor [1]. This vulnerability allows an unauthenticated user to potentially disclose sensitive data via physical access. Affected products include specific models of Intel Optane SSDs; the advisory [1] lists the exact affected firmware versions.

Exploitation

An attacker must have physical access to the target SSD. No authentication or user interaction is required. The attacker can exploit the firmware vulnerability by directly interfacing with the device to read sensitive information stored in the firmware.

Impact

Successful exploitation results in information disclosure of sensitive data from the firmware. This could include cryptographic keys, configuration parameters, or other proprietary information. The attacker gains unauthorized access to this data, potentially compromising the security of the system using the SSD.

Mitigation

Intel has released a firmware update to address this vulnerability. Users should update the firmware on affected Intel Optane SSD products to the latest version provided by Intel [1]. No workarounds are available; updating the firmware is the recommended mitigation.