The latest security information on Intel® products.

Intel® Optane™ memory module update

Intel ID:
INTEL-SA-00114
Product family:
Intel® Optane™
Impact of vulnerability:
Information Disclosure
Severity rating:
Moderate
Original release:
07/10/2018
Last revised:
07/10/2018

Summary:

Information disclosure vulnerability in storage media in systems with Intel® Optane™ memory module with Whole Disk Encryption may allow an attacker to recover data via physical access.

Description:

Intel identified an issue where some systems configured with Whole Disk Encryption and an Intel® Optane™ memory module, may be at risk of data remaining unencrypted and potentially accessible under specific conditions.

Microsoft* BitLocker is required as the software-based Whole Disk Encryption solution on Intel® Optane™ memory enabled volumes.

Other software-based Whole Disk Encryption solutions are not supported.

Microsoft* BitLocker should be enabled before configuring the Intel® Optane™ memory module. Data migration to the Intel® Optane™ memory module takes place using the Intel® Rapid Storage Technology (Intel® RST) software.

Due to how Intel® RST software migrates data during the Intel® Optane™ memory enabling process, there is a small region on the non-Intel® Optane™ memory module that will be kept hidden from the host operating system. If Microsoft* BitLocker enablement occurs after configuring the Intel® Optane™ memory media device, this small region will not benefit from the Whole Disk Encryption and as a result, end-user data in the small region could possibly be at risk.

Affected products:

The issue potentially affects systems with Intel® Optane™ memory module and Microsoft* BitLocker enabled, based on:

•       7th Gen Intel® Core™ Desktop Processors

•       8th Gen Intel® Core™ Desktop Processors

•       8th Gen Intel® Core™ Mobile Processors

•       Intel® Core™ X-Series Processors

•       Intel® Xeon® E Processors

Affected configurations:

          Intel® Optane™ Memory + Whole Disk Encryption

 

Configuration

Potentially affected by CVE-2018-3619

Intel® Optane™ Memory

SW based Whole Disk Encryption

Y

Y

Y

Y

N

N

N

Y

N

N

N

N

 

 

CVE ID

CVE Title

CVSSv3 severity

CVSSv3 Vectors

CVE-2018-3619

Information disclosure vulnerability in storage media in systems with Intel® Optane™ memory module with Whole Disk Encryption may allow an attacker to recover data via physical access

5.3 (Moderate)

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

 

Recommendations:

      1.     Intel requires users who want Whole Disk Encryption with Intel® Optane™ memory to use  Microsoft* BitLocker. The use of other software Whole Disk Encryption solutions is not supported.

      2.     Enable Microsoft* BitLocker before configuring the Intel® Optane™ memory device.

      3.   Intel requires following these steps to ensure the Intel® Optane™ memory with Microsoft* BitLocker is configured properly:

1.     Launch Intel® RST User Interface(UI)/Intel® Optane™ Memory UI

2.     Disable Intel® Optane™ memory

3.     Enable Intel® Optane™ memory again

§  Check the following link for detailed instructions to disable and enable Intel® Optane™ memory: https://www.intel.com/content/dam/support/us/en/documents/memory-and-storage/optane-memory/intel-optane-memory-user-installation.pdf

§  Refer to section 2.1.4 for disabling Intel® Optane™ and section 2.1.3 for enabling Intel® Optane™ using Intel® Optane Memory UI

§  Refer to section 2.2.2 for disabling Intel® Optane™ and section 2.2.1 for enabling Intel® Optane™ using Intel® Optane Memory UI

Acknowledgements:

CVE-2018-3619 was discovered by Intel.

Revision History

Revision Date Description
1.0 07/10/2018
Initial Release

CVE Name: CVE-2018-3619

Legal Notices and Disclaimers

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

*Other names and brands may be claimed as the property of others.
Copyright © Intel Corporation 2019

Report a Vulnerability

If you have information about a security issue or vulnerability with an Intel branded product or technology, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

  • The products and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

Need product support?

The secure@intel.com e-mail address should only be used for reporting security issues.

If you...

  • Have questions about the security features of an Intel product
  • Require technical support
  • Want product updates or patches


Please visit Support & Downloads.