Intel Optane PMem Management Software Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in the Intel Optane PMem management software versions prior to CR_MGMT_02.00.00.4052 and CR_MGMT_03.00.00.0538. The vulnerability arises from improper condition checks within Ring 3: User Applications, potentially allowing an unprivileged, authenticated user to escalate privileges. This high-complexity attack may require local access and active user interaction, without the need for special internal knowledge. The vulnerability could significantly impact the system's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain elevated rights or access within the system.

Remediation

Users are advised to update the Intel Optane PMem management software to versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 or later. Version CR_MGMT_02.00.00.4052 is only applicable for Windows operating systems. Updates are available on the Intel GitHub repository or through the Intel IPU 2026.1 Update Guidance document. Intel has also announced the discontinuation of support for the Intel Optane PMem 100 Series management software after June 30, 2025.