Skip to main content

Quickassist Technology CVE-2025-31937

MEDIUM
Out-of-bounds Read (CWE-125)
2025-11-11 secure@intel.com
5.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.7 MEDIUM
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:21 vuln.today
CVE Published
Nov 11, 2025 - 17:15 nvd
MEDIUM 5.7

DescriptionCVE.org

Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

AnalysisAI

Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.7). No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. Affected products include: Intel Quickassist Technology. Version information: version 2.6.0..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2023-32641 HIGH
8.8 Nov 14

Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privi

CVE-2023-28741 HIGH
7.8 Nov 14

Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated

CVE-2023-28740 HIGH
7.8 Nov 14

Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allo

CVE-2020-12333 HIGH
7.8 Nov 12

Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticate

CVE-2024-31858 HIGH
7.3 Feb 12

Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated us

CVE-2018-12193 MEDIUM
5.5 Oct 10

Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4.2 may allow an u

CVE-2024-29223 MEDIUM
5.4 Feb 12

Uncontrolled search path for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticat

CVE-2024-31153 MEDIUM
5.1 Feb 12

Improper input validation for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authentica

CVE-2025-33000 HIGH
7.3 Nov 11

Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications ma

CVE-2025-32732 MEDIUM
5.8 Nov 11

Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.8), this vuln

CVE-2025-32446 MEDIUM
6.8 Nov 11

Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Ap

CVE-2025-32088 MEDIUM
4.8 Nov 11

Improper conditions check for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 4.8),

Share

CVE-2025-31937 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy