CVE-2021-0148

Name: CVE-2021-0148
Creator: NVD / NIST
Published: 2021-11-17T20:15:09.227+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.4/10EPSS 0.24%

Last modified Jun 17, 2026

CVE-2021-0148 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access.. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access.

Metrics

CVSS 3.1

4.4/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.24%

15.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-532

Affected Software

Vendor	Product	Versions
Intel	Ssd Dc D4512 Firmware	< et10
Intel	Ssd Dc P4510 U.2 Firmware	< vdv10182
Intel	Ssd Dc P4510 Edsff Firmware	< vdv10284
Intel	Ssd Dc P4511 Edsff Firmware	< vdv10284
Intel	Ssd Dc P4511 M.2 Firmware	< vdv10384
Intel	Ssd Dc P4610 U.2 Firmware	< vdv10182
Intel	Ssd Dc P4618 Firmware	< vdv10182
Intel	Ssd D-S4510 Firmware	< xcv10140
Intel	Ssd D7-P5608 Firmware	< 2cv1r106
Intel	Ssd D7-P5500 Firmware	< 1.2.0
Intel	Ssd D7-P5600 Firmware	< 1.2.0
Intel	Ssd D5-P4320 Firmware	All versions
Intel	Ssd D5-P4420 Firmware	All versions
Intel	Ssd D5-P4326 Firmware	All versions
Intel	Ssd Dc P4500 Firmware	All versions
Intel	Ssd Dc P4501 Firmware	All versions
Intel	Ssd Dc P4600 Firmware	All versions
Intel	Ssd Dc P4608 Firmware	All versions
Intel	Ssd D7-P5500 Firmware	< 2cv1c030
Intel	Ssd D7-P5500 Firmware	< 2cv1r106
Intel	Ssd D7-P5500 Firmware	< 2cv1l029
Intel	Ssd D7-P5600 Firmware	< 2cv1l029
Intel	Ssd D7-P5600 Firmware	< 2cv1c030

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00535.htmlVendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00535.htmlVendor Advisory

Timeline

Published: Nov 17, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-0148?

Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access.

How severe is CVE-2021-0148?

CVE-2021-0148 has a CVSS score of 4.4/10 (MEDIUM severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.

How do I fix CVE-2021-0148?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-0148?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST