Image: HPE

Hewlett Packard Enterprise (HPE) issued a security advisory last week warning customers about a bug in the firmware of some SAS SSDs (Serial-Attached SCSI solid-state drives) that will fail after reaching 40,000 hours of operation -- which is 4 years, 206 days, and 16 hours after the SSD has been put into operation.

HPE says that based on when affected SSDs have been manufactured and sold, the earliest failures are expected to occur starting with October this year.

The company has released firmware updates last week to address the issue. HPE warns that if companies fail to install the update, they risk losing both the SSD and the data. "After the SSD failure occurs, neither the SSD nor the data can be recovered," the company explained.

The bug is nearly identical to another issue the company disclosed in November 2019, which also permanently crashed HPE SAS SSDs, but after 32,768 hours of operation (3 years, 270 days, and 8 hours). However, today's bug impacts far fewer SAS SSD models than the previous issue.

Just like last year, HPE said it learned of the bug from another SSD manufacturer that uses its products.

The SAS SSD models impacted by today's bug are listed in the table at the bottom of this article. HPE said some SSD models are sold as standalone products, but others are incorporated inside other HPE products -- such as HPE ProLiant, Synergy, Apollo 4200, Synergy Storage Modules, D3000 Storage Enclosure, StoreEasy 1000 Storage.

All HPE SAS SSDs running an HPE firmware version prior to HPD7 are impacted. Applying the latest firmware update fixes the issue and prevents the SSD failure and data loss.

Firmware download links are available in the official HPE advisory, along with instructions on how to apply the firmware update, and how to check an SSD's uptime to see how many hours companies have at their disposal to schedule a maintenance window and apply the updated firmware.