Skip to main content

Quickassist Technology CVE-2025-32446

MEDIUM
Untrusted Pointer Dereference (CWE-822)
2025-11-11 secure@intel.com
6.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:21 vuln.today
CVE Published
Nov 11, 2025 - 17:15 nvd
MEDIUM 6.8

DescriptionCVE.org

Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

AnalysisAI

Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-822. Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. Affected products include: Intel Quickassist Technology. Version information: version 2.6.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-32641 HIGH
8.8 Nov 14

Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privi

CVE-2023-28741 HIGH
7.8 Nov 14

Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated

CVE-2023-28740 HIGH
7.8 Nov 14

Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allo

CVE-2020-12333 HIGH
7.8 Nov 12

Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticate

CVE-2024-31858 HIGH
7.3 Feb 12

Out-of-bounds write for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated us

CVE-2018-12193 MEDIUM
5.5 Oct 10

Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4.2 may allow an u

CVE-2024-29223 MEDIUM
5.4 Feb 12

Uncontrolled search path for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticat

CVE-2024-31153 MEDIUM
5.1 Feb 12

Improper input validation for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authentica

CVE-2025-33000 HIGH
7.3 Nov 11

Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications ma

CVE-2025-32732 MEDIUM
5.8 Nov 11

Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.8), this vuln

CVE-2025-32088 MEDIUM
4.8 Nov 11

Improper conditions check for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 4.8),

CVE-2025-31937 MEDIUM
5.7 Nov 11

Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.7). No ven

Share

CVE-2025-32446 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy