CVE-2018-12037, VU#395981: Self-Encrypting Drives Have Multiple Vulnerabilities

Re: https://firmwaresecurity.com/2018/11/06/self-encrypting-deception-weaknesses-in-the-encryption-of-solid-state-drives-ssds/

Microsoft and Samsung have updated information, and US-CERT has some warnings:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028

https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/

https://www.kb.cert.org/vuls/id/395981/

https://www.us-cert.gov/ncas/current-activity/2018/11/06/Self-Encrypting-Solid-State-Drive-Vulnerabilities

Telemetry: Enhancing Customer Triage of Intel® SSDs

by Behnam Eliyahu and Monika Sane

Telemetry refers to an umbrella of tools, utilities, and protocols to remotely extract and decode information for debugging potential issues with Intel® SSDs. Telemetry works over industry standard protocols, and eliminates or minimizes the need to remove SSDs from customer systems for retrieving debug logs. Telemetry thus enables host tools, Intel technical sales specialists (TSS), Intel application engineers (AEs), and Intel engineering teams to better identify and debug performance excursions, exception events and critical failures in Intel® SSDs, without sending the physical drive to Intel for failure analysis. This capability is designed in accordance with NVMe* 1.3 telemetry specifications as well as corresponding ACS 4 SATA definitions (which are common industry standards), and is expected to accelerate debugging of external and internal bug sightings pertaining to Intel® SSDs. The key difference between NVMe and SATA is the fact that there is no controller-initiated capability on SATA drives.[…]

https://itpeernetwork.intel.com/telemetry-enhancing-customer-triage/


See-also:
https://github.com/linux-nvme/nvme-cli/blob/master/Documentation/nvme-telemetry-log.txt
https://github.com/linux-nvme/nvme-cli/blob/master/linux/nvme.h
https://jmetz.com/2018/02/whats-new-in-nvme-1-3/
https://nvmexpress.org/resources/specifications/
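The Intel post talks about the NVMe 1.3 telemetry log but never shows what the log looks like on the wire. Below is a parser for the 512-byte header of the Telemetry Host-Initiated log (Log Identifier 07h), added here as an example; it is not Intel's tooling and not code from nvme-cli, though the field layout follows the struct in nvme-cli's nvme.h linked above (log identifier, IEEE OUI, the three Data Area Last Block fields, the controller-initiated "data available" and generation-number bytes, and the 128-byte reason identifier). The sample log, its OUI bytes and its reason string are constructed for the example; the arithmetic for the log size (header block 0 plus data blocks 1..DALB3, each 512 bytes) is my reading of the spec and of how nvme-cli sizes its read.

```python
"""Parse the header of an NVMe 1.3 Telemetry Host-Initiated log (LID 07h).

Header layout (NVMe 1.3 section 5.14.1.7; same as nvme-cli's
struct nvme_telemetry_log_page_hdr):
  byte 0        Log Identifier (0x07 host-initiated, 0x08 controller-initiated)
  bytes 1-4     reserved
  bytes 5-7     IEEE OUI identifier
  bytes 8-9     Data Area 1 Last Block (little-endian u16)
  bytes 10-11   Data Area 2 Last Block
  bytes 12-13   Data Area 3 Last Block
  bytes 14-381  reserved
  byte 382      Telemetry Controller-Initiated Data Available
  byte 383      Telemetry Controller-Initiated Data Generation Number
  bytes 384-511 Reason Identifier (vendor specific)
  byte 512+     512-byte data blocks; data area N is blocks 1..DALBn
"""
import struct
from dataclasses import dataclass

TELEMETRY_HOST_INITIATED_LID = 0x07
TELEMETRY_CTRL_INITIATED_LID = 0x08
BLOCK_SIZE = 512
# B=lid, 4x=rsvd, 3s=OUI, HHH=DALB1..3, 368x=rsvd, B=avail, B=gen, 128s=reason
HEADER_FMT = "<B4x3sHHH368xBB128s"
assert struct.calcsize(HEADER_FMT) == BLOCK_SIZE


@dataclass
class TelemetryHeader:
    log_id: int
    ieee_oui: str          # hex of the 3 raw bytes, byte order as stored
    dalb1: int
    dalb2: int
    dalb3: int
    ctrl_data_available: bool
    ctrl_generation: int
    reason_id: bytes

    def total_bytes(self) -> int:
        """Size of header block 0 plus data blocks 1..DALB3."""
        return (self.dalb3 + 1) * BLOCK_SIZE


def parse_telemetry_header(buf: bytes,
                           expected_lid: int = TELEMETRY_HOST_INITIATED_LID) -> TelemetryHeader:
    """Decode and sanity-check the first 512 bytes of a telemetry log."""
    if len(buf) < BLOCK_SIZE:
        raise ValueError(f"need {BLOCK_SIZE} header bytes, got {len(buf)}")
    lid, oui, d1, d2, d3, avail, gen, reason = struct.unpack(HEADER_FMT, buf[:BLOCK_SIZE])
    if lid != expected_lid:
        raise ValueError(f"log identifier 0x{lid:02x}, expected 0x{expected_lid:02x}")
    # The data areas are nested, so the last-block values must not decrease.
    if not (d1 <= d2 <= d3):
        raise ValueError(f"data area last blocks not monotonic: {d1} {d2} {d3}")
    return TelemetryHeader(lid, oui.hex(), d1, d2, d3, avail != 0, gen, reason)


def data_area(log: bytes, hdr: TelemetryHeader, n: int) -> bytes:
    """Return data area n (1..3). Area n spans blocks 1..DALBn, so area 2
    contains area 1, and area 3 contains both."""
    last = {1: hdr.dalb1, 2: hdr.dalb2, 3: hdr.dalb3}[n]
    end = (last + 1) * BLOCK_SIZE
    if len(log) < end:
        raise ValueError(f"log truncated: data area {n} needs {end} bytes, have {len(log)}")
    return log[BLOCK_SIZE:end]


def build_sample_log() -> bytes:
    """Constructed sample (not captured from a real drive): OUI aa:bb:cc,
    DALB1=2, DALB2=5, DALB3=9, controller data available, generation 3."""
    header = struct.pack(HEADER_FMT, TELEMETRY_HOST_INITIATED_LID, b"\xaa\xbb\xcc",
                         2, 5, 9, 1, 3, b"constructed sample".ljust(128, b"\0"))
    # Block k is filled with byte value k so a slice can be checked by eye.
    blocks = b"".join(bytes([k]) * BLOCK_SIZE for k in range(1, 10))
    return header + blocks


if __name__ == "__main__":
    log = build_sample_log()
    hdr = parse_telemetry_header(log)
    print(hdr)
    print("expected log size:", hdr.total_bytes(), "have:", len(log))
    print("data area 1 bytes:", len(data_area(log, hdr, 1)))
```

On Linux a raw log to feed this comes from nvme-cli (`nvme telemetry-log /dev/nvme0 -o telemetry.bin`, adding `-g 1` to ask the controller to generate fresh data); the reason identifier and the data blocks themselves are vendor specific, so beyond the header this parser only slices, it does not interpret.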

Microsoft Project Denali

Microsoft creates industry standards for datacenter hardware storage and security
March 20, 2018
Kushagra Vaid General Manager, Azure Hardware Infrastructure

Today I’m speaking at the Open Compute Project (OCP) U.S. Summit 2018 in San Jose where we are announcing a next generation specification for solid state device (SSD) storage, Project Denali. We’re also discussing Project Cerberus, which provides a critical component for security protection that to date has been missing from server hardware: protection, detection and recovery from attacks on platform firmware. Both storage and security are the next frontiers for hardware innovation, and today we’re highlighting the latest advancements across these key focus areas to further the industry in enabling the future of the cloud.[…]

https://azure.microsoft.com/en-us/blog/microsoft-creates-industry-standards-for-datacenter-hardware-storage-and-security/

https://azure.microsoft.com/en-us/blog/project-denali-to-define-flexible-ssds-for-cloud-scale-applications/

https://www.sdxcentral.com/articles/news/microsoft-disaggregates-layers-flash-storage-denali-project/2018/03/

http://www.eweek.com/storage/microsoft-announces-project-denali-ssd-storage-specification-effort

Flash storage

Intel on SSD secure erase feature

What is secure erase, and is it certified on an Intel® SSD?
by Doug DeVetter | July 31, 2017

I’m often asked whether the secure erase feature within Intel® SSDs is certified by NIST, U.S. DoD, or other government or industry bodies. Intel has implemented the secure erase feature consistent with the ATA and NVMe specifications. The designs and implementations have been internally reviewed and validated. A third-party has tested the implementation on a subset of our products and reported that the data was unrecoverable. Intel is unaware of any industry or government body which certifies or approves the implementation of this technical capability. NIST SP 800-88 is often cited as the guideline to be followed in the United States with regard to secure erase. NIST provides guidelines, however, NIST does not certify compliance to these guidelines. In addition to being consistent with the ATA and NVMe specifications, our implementation of secure erase is in line with the NIST guidelines for data sanitization.[…]

https://itpeernetwork.intel.com/secure-erase-certified-intel-ssd/

https://www.intel.com/content/www/us/en/it-management/intel-it-best-practices/secure-erase-for-ssds-helps-sanitize-data-boost-efficiency-brief.html

Intel SSD Toolbox EoP vulnerability

Intel® Solid State Drive Toolbox™ Escalation of Privilege Vulnerability

Intel ID: INTEL-SA-00074
Product family: Intel® Solid State Drive Toolbox™
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: May 30, 2017

There is an escalation of privilege vulnerability in the Intel® Solid State Drive Toolbox™ versions before 3.4.5 which allows a local administrative attacker to load and execute arbitrary code.[…]

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00074&languageid=en-fr

EoP vulnerability in Intel SSD Toolbox

Excerpting Intel’s Security Advisory:

Vulnerability in Intel SSD Toolbox allows authenticated users to elevate privileges via updater subsystem
Intel ID:      INTEL-SA-00061
Product family:      Intel® Solid-State Drive Consumer, Professional, Embedded and Data Center
Impact of vulnerability:      Elevation of Privilege
Severity rating:      Important
Original release:      Oct 04, 2016

The vulnerability allows a potentially malicious 3rd party to gain the highest possible elevation of privilege level in the Operating System. The root cause of the vulnerability has been identified as an implementation bug in the updater subsystem of the Intel SSD Toolbox. Intel strongly recommends customers impacted by this issue to upgrade to the latest version listed in the table above. This issue was reported to Intel by Florian Bogner @ Kapsch BusinessCom AG.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00061&languageid=en-fr
https://downloadcenter.intel.com/download/26085/Intel-Solid-State-Drive-Toolbox?v=t

Intel SSD vulnerability

Intel Security Center reports a vulnerability in some Intel SSD drives. See the full announcement for model specifics.

Vulnerability impacting the Intel® Solid-State Drive 540s Series, Intel® Solid State Drive E 5400s Series and Intel® Solid State Drive DC S3100 Series drives

Intel ID:      INTEL-SA-00053
Product family:      Intel® Solid-State Drive Consumer, Embedded and Data Center
Impact of vulnerability:      Elevation of Privilege
Severity rating:      Moderate
Original release:      Jun 14, 2016

A vulnerability was identified in the Intel® Solid-State Drive 540s Series, Intel® Solid State Drive E 5400s Series and Intel® Solid State Drive DC S3100 Series leading to a potential data corruption issue. This may occur if the Intel® Solid-State Drive 540s Series, Intel® Solid State Drive E 5400s Series or Intel® Solid State Drive DC S3100 Series drives receive a read or write command during ATA security locked state. Intel has not received any reports of any Intel SSD products having experienced this issue. Intel strongly recommends that customers with the listed products download and apply the mitigated firmware version using the update source outlined above.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00053&languageid=en-fr

AMI’s StorTrends granted 3 new flash storage patents

SPOILER ALERT: This post discusses patents. If you’re an employee at a company, ask your manager if you’re able to read this sort of information…..
.
.
.

Monday AMI announced that StorTrends(R), their data storage division, has been granted three U.S. Patents related to flash storage. Excerpting their press release:

AMI was granted U.S. Patent No. 8,954,339 on Data Deduplication for Information Storage Systems, which was filed on April 18, 2012. This awarded patent covers the means to have deduplication run at optimal and efficient space-saving levels. Specifically, it optimizes the amount of system RAM space used in the system to reduce (or dedupe) terabytes worth of data without affecting performance. In terms of customer benefit, this greatly reduces the amount of SSD capacity that a company is required to purchase within the SAN while also delivering the lowest latency in the industry to significantly increase value and response times within an IT environment.

AMI was granted the second patent — U.S. Patent No. 8,812,811 on Data Migration between Multiple Tiers in a Storage System — which was filed on August 10, 2012. This awarded patent covers the means that StorTrends utilizes to efficiently analyze blocks of data and move the individual blocks among different tiers of storage. Customers lower their costs significantly from StorTrends taking the highly accessed blocks of data in the environment and putting only those blocks into the expensive drive SSD tiers, while the less frequently accessed blocks occupy only the lower, less expensive tier of the storage array.

AMI was granted the third patent—Patent No. 8,711,851 on Multi-Protocol Data Transfers — which was filed on July 18, 2008. This patent covers the means that StorTrends uses to maximize the reliability of transmission control protocol and the performance of user datagram protocol to ensure that StorTrends’ replication is the fastest in the industry. This decreases replication management and increases the possible recovery point objective (RPO) for a customer by giving more available bandwidth for the blocks that need to go to their disaster recovery (DR) location. StorTrends also incorporates periodicity, which allows the customer to set the priority bandwidth for the replication of the data and avoid bogging down the network during peak business hours. The Wide-Area Data Services (WDS) technology suite includes data deduplication, compression, encryption, and WAN optimization. This technology ensures that the primary site stays in-sync with the secondary site, allowing for increased RPO and recovery time objective.

Read the full press release here:

http://www.ami.com/news/press-releases/?PressReleaseID=324&/StorTrends%20Granted%20Three%20U.S.%20Patents%20That%20Set%20New%20Performance%20Standard%20for%20All-Flash%20Storage/

http://www.stortrends.com/products/stortrends-models/stortrends-3600i
http://www.stortrends.com/resources/stortrends-idata-tool
http://www.stortrends.com/resources/stortrends-deduplication-analyzer-tool/

AMI launches MG9095 controller for NVMe SSD storage

Today AMI (American Megatrends, Inc.) launches a new enclosure management solution for NVM Express SSD subsystems. The controller is firmware-upgradable through SMBus.

“A true, single-chip solution, the MG9095 backplane controller ships ready to use with no custom firmware or programming required,” said Subramonian Shankar, AMI CEO.

Read the full announcement:
http://www.ami.com/products/backplanes-and-enclosure-management/enclosure-management-asics/mg9095-controller/

http://www.ami.com/news/press-releases/?PressReleaseID=312&/American%20Megatrends%20Launches%20Enclosure%20Management%20Solution%20for%20NVM%20Express%E2%84%A2%20SSD%20Subsystems/