Intel ID: INTEL-SA-00690
Advisory Category: Software
Impact of Vulnerability: Escalation of Privilege, Denial of Service
Severity Rating: MEDIUM
Original Release: 08/08/2023
Last Revised: 08/08/2023

Summary

Potential security vulnerabilities in some Intel® SSD Tools software may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details

CVE-2023-28736
Description: Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 5.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CVE-2023-28938
Description: Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 3.4 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L

Affected Products

Intel® SSD Tools software before version mdadm-4.2-rc2.

Recommendation

Intel recommends updating Intel® SSD Tools software to version mdadm-4.2-rc2 or later.

Updates are available for download at this location: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git

Acknowledgements

These issues were found internally by an Intel employee. Intel would like to thank Nimish Verma.