Skip to main content

Slim Bootloader May Allow An Escalation Of Privilege System Software Adversary With A Privileged User Combined With A Low Complexity Attack May Enable Local Code Execution This Result May Potentially Occur Via Local Access When Attack Requirements Are Present Without Special Internal Knowledge And Requires No User Interaction The Potential Vulnerability May Impact The Confidentiality High Integrity High And Availability High Of The Vulnerable System Resulting In Subsequent System Confidentiality High Integrity High And Availability High Impacts CVE-2026-20753

| EUVDEUVD-2026-29524 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-05-12 intel GHSA-q695-vc4p-4hjx
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
May 12, 2026 - 17:22 NVD
8.7 (HIGH)
CVE Published
May 12, 2026 - 16:34 nvd
HIGH 8.7
CVE Published
May 12, 2026 - 16:34 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

Analysis

Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

Share

CVE-2026-20753 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy