Intel Optane PMem Management Software Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in the Intel Optane PMem management software, affecting versions prior to CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, and CR_MGMT_03.00.00.0538. The vulnerability arises from incorrect default permissions, which may allow an unprivileged, authenticated user to escalate privileges. Exploitation of this vulnerability could occur through local access, requiring active user interaction and without special internal knowledge. The vulnerability has the potential to impact the system's confidentiality, integrity, and availability, although these impacts would not extend to the system's overall confidentiality, integrity, or availability.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an authenticated user to gain elevated rights or access within the system.

Remediation

Users are advised to update the Intel Optane PMem management software to versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, or CR_MGMT_03.00.00.0538. Version CR_MGMT_02.00.00.4052 is only applicable for Windows operating systems. After June 30, 2025, Intel Optane PMem 100 Series management software will no longer be supported, and users are recommended to migrate to a newer generation product.