The latest security information on Intel® products.
Intel® Optane™ memory module update
| Intel ID: |
INTEL-SA-00114 |
|---|---|
| Product family: |
Intel® Optane™ |
| Impact of vulnerability: |
Information Disclosure |
| Severity rating: |
Moderate |
| Original release: |
07/10/2018 |
| Last revised: |
07/10/2018 |
Summary:
Information disclosure vulnerability in storage media in systems with Intel® Optane™ memory module with Whole Disk Encryption may allow an attacker to recover data via physical access.
Description:
Intel identified an issue where some systems configured with Whole Disk Encryption and an Intel® Optane™ memory module, may be at risk of data remaining unencrypted and potentially accessible under specific conditions.
Microsoft* BitLocker is required as the software-based Whole Disk Encryption solution on Intel® Optane™ memory enabled volumes.
Other software-based Whole Disk Encryption solutions are not supported.
Microsoft* BitLocker should be enabled before configuring the Intel® Optane™ memory module. Data migration to the Intel® Optane™ memory module takes place using the Intel® Rapid Storage Technology (Intel® RST) software.
Due to how Intel® RST software migrates data during the Intel® Optane™ memory enabling process, there is a small region on the non-Intel® Optane™ memory module that will be kept hidden from the host operating system. If Microsoft* BitLocker enablement occurs after configuring the Intel® Optane™ memory media device, this small region will not benefit from the Whole Disk Encryption and as a result, end-user data in the small region could possibly be at risk.
Affected products:
The issue potentially affects systems with Intel® Optane™ memory module and Microsoft* BitLocker enabled, based on:
• 7th Gen Intel® Core™ Desktop Processors
• 8th Gen Intel® Core™ Desktop Processors
• 8th Gen Intel® Core™ Mobile Processors
• Intel® Core™ X-Series Processors
• Intel® Xeon® E Processors
Affected configurations:
Intel® Optane™ Memory + Whole Disk Encryption
Configuration |
Potentially affected by CVE-2018-3619 |
|
Intel® Optane™ Memory |
SW based Whole Disk Encryption |
|
Y |
Y |
Y |
Y |
N |
N |
N |
Y |
N |
N |
N |
N |
CVE ID |
CVE Title |
CVSSv3 severity |
CVSSv3 Vectors |
CVE-2018-3619 |
Information disclosure vulnerability in storage media in systems with Intel® Optane™ memory module with Whole Disk Encryption may allow an attacker to recover data via physical access |
5.3 (Moderate) |
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Recommendations:
1. Intel requires users who want Whole Disk Encryption with Intel® Optane™ memory to use Microsoft* BitLocker. The use of other software Whole Disk Encryption solutions is not supported.
2. Enable Microsoft* BitLocker before configuring the Intel® Optane™ memory device.
3. Intel requires following these steps to ensure the Intel® Optane™ memory with Microsoft* BitLocker is configured properly:
- Confirm Microsoft* BitLocker is ON. Check the Microsoft website for instructions: https://social.technet.microsoft.com/wiki/contents/articles/969.how-to-determine-if-bitlocker-drive-encryption-is-enabled.aspx
- Follow these steps to ensure your system is properly configured:
1. Launch Intel® RST User Interface(UI)/Intel® Optane™ Memory UI
2. Disable Intel® Optane™ memory
3. Enable Intel® Optane™ memory again
§ Check the following link for detailed instructions to disable and enable Intel® Optane™ memory: https://www.intel.com/content/dam/support/us/en/documents/memory-and-storage/optane-memory/intel-optane-memory-user-installation.pdf
§ Refer to section 2.1.4 for disabling Intel® Optane™ and section 2.1.3 for enabling Intel® Optane™ using Intel® Optane™ Memory UI
§ Refer to section 2.2.2 for disabling Intel® Optane™ and section 2.2.1 for enabling Intel® Optane™ using Intel® Optane™ Memory UI
Acknowledgements:
CVE-2018-3619 was discovered by Intel.
CVE Name: CVE-2018-3619
Legal Notices and Disclaimers
Intel provides these materials as-is, with no express or implied warranties.
All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.
Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.
Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article.
Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.
Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries. Other names and brands may be claimed as the property of others.
Report a Vulnerability
If you have information about a security issue or vulnerability with an Intel branded product or technology, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.
Please provide as much information as possible, including:
- The products and versions affected
- Detailed description of the vulnerability
- Information on known exploits
A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:
For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.
Need product support?
If you...
- Have questions about the security features of an Intel product
- Require technical support
- Want product updates or patches
Please visit Support & Downloads.