cvelistv5 - cve-2021-33074

CVE-2021-33074 (GCVE-0-2021-33074)

Vulnerability from cvelistv5

Published

2022-05-12 16:35

Modified

2025-05-05 16:52

Severity ?

4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

information disclosure

Summary

Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.

References

URL

Tags

	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html	x_refsource_MISC
	https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products	Version: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:19.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "NONE",
              "baseScore": 4.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-33074",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:20:55.361447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "NVD-CWE-Other",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:52:24.225Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-20T14:12:19.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2021-33074",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See references"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html"
            },
            {
              "name": "https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf",
              "refsource": "MISC",
              "url": "https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2021-33074",
    "datePublished": "2022-05-12T16:35:58.000Z",
    "dateReserved": "2021-05-18T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:52:24.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2022-AVI-444

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Intel Manageability Commander versions antérieures à 2.2
Intel In-Band Manageability versions antérieures à 2.13.0
Pilotes du noyau Linux Intel SGX fournis par Intel versions 2.14 et antérieures. Les pilotes Intel SGX ont été intégrés au noyau Linux depuis la version 5.11.
Intel Killer Control Center versions antérieures à 2.4.3337.0
Intel Advisor software versions antérieures à 7.6.0.37
Intel XTU software versions antérieures à 7.3.0.33

Se référer aux avis de l'éditeur pour les vulnérabilités concernant les micrologiciels et matériels Intel.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00663 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00654 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00519 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00595 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00648 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00614 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00661 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00613 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00617 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00563 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00586 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00616 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00549 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00644 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00601 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00603 du 10 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel Manageability Commander versions ant\u00e9rieures \u00e0 2.2\u003c/li\u003e \u003cli\u003eIntel In-Band Manageability versions ant\u00e9rieures \u00e0 2.13.0\u003c/li\u003e \u003cli\u003ePilotes du noyau Linux Intel SGX fournis par Intel versions 2.14 et ant\u00e9rieures. Les pilotes Intel SGX ont \u00e9t\u00e9 int\u00e9gr\u00e9s au noyau Linux depuis la version 5.11.\u003c/li\u003e \u003cli\u003eIntel Killer Control Center versions ant\u00e9rieures \u00e0 2.4.3337.0\u003c/li\u003e \u003cli\u003eIntel Advisor software versions ant\u00e9rieures \u00e0 7.6.0.37\u003c/li\u003e \u003cli\u003eIntel XTU software versions ant\u00e9rieures \u00e0 7.3.0.33\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux avis de l\u0027\u00e9diteur pour les vuln\u00e9rabilit\u00e9s concernant les micrologiciels et mat\u00e9riels Intel.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-33117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33117"
    },
    {
      "name": "CVE-2021-33135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33135"
    },
    {
      "name": "CVE-2021-33075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33075"
    },
    {
      "name": "CVE-2021-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0155"
    },
    {
      "name": "CVE-2021-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0154"
    },
    {
      "name": "CVE-2022-21151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21151"
    },
    {
      "name": "CVE-2021-0188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0188"
    },
    {
      "name": "CVE-2021-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0159"
    },
    {
      "name": "CVE-2021-33080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33080"
    },
    {
      "name": "CVE-2021-33108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33108"
    },
    {
      "name": "CVE-2021-33103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33103"
    },
    {
      "name": "CVE-2021-33123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33123"
    },
    {
      "name": "CVE-2022-22139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22139"
    },
    {
      "name": "CVE-2021-33078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33078"
    },
    {
      "name": "CVE-2021-33122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33122"
    },
    {
      "name": "CVE-2021-26258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26258"
    },
    {
      "name": "CVE-2021-33130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33130"
    },
    {
      "name": "CVE-2022-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0005"
    },
    {
      "name": "CVE-2021-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0190"
    },
    {
      "name": "CVE-2022-24297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24297"
    },
    {
      "name": "CVE-2021-33082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33082"
    },
    {
      "name": "CVE-2021-33077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33077"
    },
    {
      "name": "CVE-2021-33124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33124"
    },
    {
      "name": "CVE-2021-33069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33069"
    },
    {
      "name": "CVE-2021-0194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0194"
    },
    {
      "name": "CVE-2021-33083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33083"
    },
    {
      "name": "CVE-2022-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21136"
    },
    {
      "name": "CVE-2021-0126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0126"
    },
    {
      "name": "CVE-2022-21237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21237"
    },
    {
      "name": "CVE-2021-33107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33107"
    },
    {
      "name": "CVE-2022-24382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24382"
    },
    {
      "name": "CVE-2021-33149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33149"
    },
    {
      "name": "CVE-2021-33074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33074"
    },
    {
      "name": "CVE-2022-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21131"
    },
    {
      "name": "CVE-2022-0004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0004"
    },
    {
      "name": "CVE-2022-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21128"
    },
    {
      "name": "CVE-2021-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0153"
    },
    {
      "name": "CVE-2021-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0193"
    },
    {
      "name": "CVE-2021-0189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0189"
    }
  ],
  "initial_release_date": "2022-05-11T00:00:00",
  "last_revision_date": "2022-05-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-444",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00663 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00654 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00519 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00519.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00595 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00595.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00648 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00614 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00661 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00661.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00613 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00613.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00617 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00563 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00586 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00616 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00549 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00549.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00644 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00644.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00601 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00603 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-33074 (GCVE-0-2021-33074)

Vulnerability from cvelistv5

CERTFR-2022-AVI-444

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature