Details of VAR-202205-1000

ID

VAR-202205-1000

CVE

CVE-2021-33078

TITLE

Race Condition Vulnerability in Multiple Intel Products

Trust: 0.8

sources: JVNDB: JVNDB-2021-019585

DESCRIPTION

Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access

Trust: 1.71

sources: NVD: CVE-2021-33078 // JVNDB: JVNDB-2021-019585 // VULMON: CVE-2021-33078

AFFECTED PRODUCTS

vendor:	intel	model:	optane ssd 905p	scope:	lt	version:	fw600	Trust: 1.0
vendor:	intel	model:	optane memory h10 with solid state storage	scope:	lt	version:	tgf061k	Trust: 1.0
vendor:	intel	model:	optane memory h20 with solid state storage	scope:	lt	version:	pgf028k	Trust: 1.0
vendor:	intel	model:	optane ssd p5800x	scope:	lt	version:	l0310200	Trust: 1.0
vendor:	intel	model:	optane ssd dc p4801x	scope:	lt	version:	e2010600	Trust: 1.0
vendor:	intel	model:	optane ssd 900p	scope:	lt	version:	fw600	Trust: 1.0
vendor:	intel	model:	optane ssd dc p4800x	scope:	lt	version:	e2010600	Trust: 1.0
vendor:	インテル	model:	optane ssd dc p4801x	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	optane ssd dc p4800x	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	optane memory h20 with solid state storage	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel optane ssd 900p	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	optane ssd p5800x	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel optane ssd 905p	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	optane memory h10 with solid state storage	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-019585 // NVD: CVE-2021-33078

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-33078
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-202205-3143
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-33078
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2021-33078
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9

NVD:
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33078
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-33078 // JVNDB: JVNDB-2021-019585 // NVD: CVE-2021-33078 // CNNVD: CNNVD-202205-3143

PROBLEMTYPE DATA

problemtype:	CWE-362	Trust: 1.0
problemtype:	Race condition (CWE-362) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-019585 // NVD: CVE-2021-33078

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3143

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202205-3143

CONFIGURATIONS

sources: NVD: CVE-2021-33078

PATCH

title:	Multiple Intel Repair measures for product competition conditions	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=193561	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/intel-memory-bug-poses-risk-for-hundreds-of-products/179595/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2022/05/12/intel_product_bugs/	Trust: 0.1

sources: VULMON: CVE-2021-33078 // CNNVD: CNNVD-202205-3143

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33078	Trust: 3.3
db:	JVN	id:	JVNVU93344744	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-019585	Trust: 0.8
db:	CNNVD	id:	CNNVD-202205-3143	Trust: 0.6
db:	VULMON	id:	CVE-2021-33078	Trust: 0.1

sources: VULMON: CVE-2021-33078 // JVNDB: JVNDB-2021-019585 // NVD: CVE-2021-33078 // CNNVD: CNNVD-202205-3143

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html	Trust: 2.5
url:	https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/solidigm%20sa-000563%20rev1.1.pdf	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu93344744/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33078	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-33078/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/362.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/intel-memory-bug-poses-risk-for-hundreds-of-products/179595/	Trust: 0.1

sources: VULMON: CVE-2021-33078 // JVNDB: JVNDB-2021-019585 // NVD: CVE-2021-33078 // CNNVD: CNNVD-202205-3143

SOURCES

db:	VULMON	id:	CVE-2021-33078
db:	JVNDB	id:	JVNDB-2021-019585
db:	NVD	id:	CVE-2021-33078
db:	CNNVD	id:	CNNVD-202205-3143

LAST UPDATE DATE

2023-12-18T11:51:55.246000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-33078	date:	2022-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-019585	date:	2023-08-04T08:29:00
db:	NVD	id:	CVE-2021-33078	date:	2022-10-06T18:18:31.907
db:	CNNVD	id:	CNNVD-202205-3143	date:	2022-09-21T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-33078	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-019585	date:	2023-08-04T00:00:00
db:	NVD	id:	CVE-2021-33078	date:	2022-05-12T17:15:09.043
db:	CNNVD	id:	CNNVD-202205-3143	date:	2022-05-12T00:00:00