Intel
Monthly
Local privilege-impacting memory corruption in the Linux kernel's Intel ice network driver allows a double-free of a transmit buffer's skb when the TX offload paths fail. When ice_tso() or ice_tx_csum() return an error, ice_xmit_frame_ring() frees the skb but leaves the 'first' tx_buf still marked ICE_TX_BUF_SKB, so a later ice_clean_tx_ring() during interface teardown frees the same skb a second time. Carries a CVSS 3.1 base of 7.8 (AV:L/PR:L), but with a low EPSS of 0.15% (5th percentile), no KEV listing, and no public exploit identified at time of analysis.
Error pointer dereference in the Linux kernel's Intel IPU6 media driver crashes the kernel during a failed probe, resulting in local denial of service. The flaw resides in `ipu6_pci_probe()` at `drivers/media/pci/intel/ipu6/ipu6.c:690`, where `isp->psys` holds an ERR_PTR value rather than NULL in a specific error path, causing it to be dereferenced during cleanup rather than handled safely. No public exploit exists and EPSS sits at 0.02% (5th percentile), reflecting negligible real-world exploitation interest.
Broken LBR MSR save/restore in the Linux kernel KVM/SVM subsystem allows a low-privileged local attacker to cause high-impact availability failures in virtualized environments running on AMD SVM hardware. MSR_IA32_DEBUGCTLMSR and Last Branch Record (LBR) MSRs are not enumerated by KVM_GET_MSR_INDEX_LIST and cannot be set via KVM_SET_MSRS, meaning VM state is not correctly preserved across save/restore or live migration cycles, particularly when L2 guests are running. No public exploit has been identified at time of analysis, and EPSS of 0.02% indicates very low exploitation probability, but the flaw affects a foundational hypervisor state management path on production AMD virtualization infrastructure.
Race condition in the Linux kernel's Intel VT-d IOMMU driver allows a local low-privileged attacker to trigger inconsistent PASID table state during domain replacement, potentially producing spurious IOMMU faults and unpredictable DMA behavior with cross-scope impact. The flaw stems from non-atomic updates to 512-bit PASID entries while the Present bit is set, and no public exploit identified at time of analysis despite a high CVSS score driven by the scope-changed local attack surface.
Kernel memory corruption in the Linux iWARP Connection Manager (RDMA/iwcm) subsystem can crash systems running RDMA workloads on iWARP-capable hardware such as Intel E830 adapters. The bug, introduced by commit e1168f0 ('RDMA/iwcm: Simplify cm_event_handler()'), causes workqueue list corruption when iwcm_work items from a free list are reused while still queued, triggering a kernel BUG and panic. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile), despite a CVSS base score of 9.8.
Out-of-bounds array access in the Linux kernel's Intel Discrete Graphics MTD driver (mtd_intel_dg.c) lets a local actor trigger kernel memory corruption when the driver enumerates NVM regions before nregions is initialized. The flaw, caught by UBSAN as an array-index-out-of-bounds at line 750, affects systems running kernel 6.17 through the pre-patch 6.18/6.19 series with Intel discrete graphics hardware. No public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.02%, 4th percentile).
Race condition in Linux kernel Intel VT-d IOMMU driver (iommu/vt-d) allows torn reads of Scalable Mode PASID table entries during teardown, producing unpredictable behavior or spurious faults on systems with Intel VT-d enabled. The flaw stems from zeroing the entire 64-byte PASID entry while the Present bit is still set, violating the VT-d spec's invalidation guidance. No public exploit identified at time of analysis, and EPSS is very low (0.02%), but a vendor patch is available across multiple stable branches.
NULL pointer dereference in the Linux kernel's Intel ISH HID subsystem (`intel_ishtp` module) causes a kernel panic and local denial of service during warm reset operations. The `ishtp_bus_remove_all_clients()` function dereferences `cl->device->reference_count` without a NULL guard, which is reachable when a firmware reset interrupts ISH client enumeration mid-flight. No public exploit or active exploitation (CISA KEV) exists; EPSS probability is 0.02% at the 5th percentile, consistent with a timing-dependent, hardware-specific kernel crash path.
Denial of service in the Linux kernel's EFI unaccepted-memory handling allows a boot-time kernel panic on confidential-computing guests, affecting kernels from 6.6 through the 6.19/7.0 development line. The reserve_unaccepted() routine miscalculates the memblock reservation size when the unaccepted memory table is not page-aligned, leaving the table's tail unreserved so it can be overwritten or rendered inaccessible, triggering a panic in accept_memory(). It is observed on Intel TDX VMs with larger memory sizes (e.g. >64GB); there is no public exploit identified at time of analysis and EPSS is negligible (0.02%).
Traffic Management Microkernel (TMM) crashes in F5 BIG-IP Virtual Edition and hardware platforms when SSL profiles are configured without hardware crypto acceleration, allowing remote unauthenticated attackers to cause denial of service via undisclosed traffic patterns. CVSS 7.5 (High) with network attack vector and no prerequisites. EPSS data not provided, no CISA KEV listing identified, indicating theoretical rather than observed exploitation. Vendor patch available per F5 advisory K000158082.
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.
Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially occur via network access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts.
Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.
Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (high) impacts.
Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Integer overflow in Linux kernel's i915 graphics driver corrupts memory mapping for DRM/GEM shmem objects larger than 4GB, causing kernel warnings, potential crashes, and incorrect memory access when Intel graphics hardware processes large buffer objects. The vulnerability manifests when scatterlist length fields overflow during folio page allocation, leading to premature termination of backing page iteration. Patch available across multiple stable kernel branches (6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0) per upstream commits. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.
Die ID initialization and lookup bugs in the Linux kernel's Intel uncore performance monitoring subsystem (perf/x86/intel/uncore) can cause a reachable assertion trigger or silent loss of PMON unit visibility on Intel Sapphire Rapids (SPR) and Emerald Rapids (EMR) server hardware. Authenticated local users on affected systems may crash the kernel via the WARN_ON_ONCE reachable assertion (CWE-617) or, when NUMA is disabled on a NUMA-capable platform, cause all uncore PMON units to be silently dropped from the RB tree - rendering hardware performance monitoring inoperative. No public exploit exists and EPSS is 0.02%, indicating no active exploitation pressure at time of analysis.
Hard-lock denial of service in the Linux kernel's Intel VT-d IOMMU subsystem affects systems running PCIe passthrough configurations (QEMU, DPDK) without scalable mode enabled. When a PCIe endpoint's link drops - through surprise removal, link fault, or process termination - the kernel enters an indefinite wait inside qi_submit_sync() attempting an ATS invalidation that the disconnected device can never acknowledge. The existing partial fix (commit 4fc82cd907ac) guards this path only when Intel IOMMU scalable mode is active, leaving non-scalable-mode deployments unprotected. No public exploit identified at time of analysis and EPSS is 0.02%, but the impact is a complete host freeze with no recovery path short of power cycling.
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopback capture for echo reference where we use the dummy DAI link. Return the error when the widget is not set to avoid a null pointer dereference like below when the topology is broken. RIP: 0010:hda_dai_get_ops.isra.0+0x14/0xa0 [snd_sof_intel_hda_common]
Out-of-bounds array write in the Linux kernel's Intel uncore PMU driver (`perf/x86/intel/uncore`) causes denial of service on affected Intel multi-die x86 systems. The driver fails to skip discovery table parsing for dies whose CPUs are all offline at boot, allowing the assignment `pmu->boxes[die] = box` in `uncore_pci_pmu_register()` to overflow the boxes array, triggering a kernel WARN or potential memory corruption. Exploitation requires local low-privilege access under a specific hardware and boot configuration; no public exploit exists and EPSS is 0.02%, indicating negligible real-world exploitation likelihood.
Stack buffer overflow in Sandboxie-Plus SbieSvc proxy service enables SYSTEM privilege escalation from sandboxed processes, including Security Hardened Sandboxes. Attackers chain an information disclosure (returning up to 32KB uninitialized stack memory with ASLR/stack cookie bypass) with an unbounded memcpy overflow in the GetRawInputDeviceInfoSlave IPC handler. Intel CET shadow stacks block ROP exploitation but not the information leak itself. Vendor-released patch available in version 1.17.3. No public exploit identified at time of analysis, but attack complexity is rated high (AC:H) with low privilege requirements (PR:L), making this viable for motivated attackers targeting sandbox environments.
In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc() repeatedly returns the full budget, preventing napi_complete_done() from clearing NAPI_STATE_SCHED. igb_down() calls napi_synchronize() before napi_disable() for each queue vector. napi_synchronize() spins waiting for NAPI_STATE_SCHED to clear, which never happens. igb_down() blocks indefinitely, the TX watchdog fires, and the TX queue remains permanently stalled. napi_disable() already handles this correctly: it sets NAPI_STATE_DISABLE. After a full-budget poll, __napi_poll() checks napi_disable_pending(). If set, it forces completion and clears NAPI_STATE_SCHED, breaking the loop that napi_synchronize() cannot. napi_synchronize() was added in commit 41f149a285da ("igb: Fix possible panic caused by Rx traffic arrival while interface is down"). napi_disable() provides stronger guarantees: it prevents further scheduling and waits for any active poll to exit. Other Intel drivers (ixgbe, ice, i40e) use napi_disable() without a preceding napi_synchronize() in their down paths. Remove redundant napi_synchronize() call and reorder napi_disable() before igb_set_queue_napi() so the queue-to-NAPI mapping is only cleared after polling has fully stopped.
In the Linux kernel, the following vulnerability has been resolved: vfio/xe: Reorganize the init to decouple migration from reset Attempting to issue reset on VF devices that don't support migration leads to the following: BUG: unable to handle page fault for address: 00000000000011f8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 7443 Comm: xe_sriov_flr Tainted: G S U 7.0.0-rc1-lgci-xe-xe-4588-cec43d5c2696af219-nodebug+ #1 PREEMPT(lazy) Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023 RIP: 0010:xe_sriov_vfio_wait_flr_done+0xc/0x80 [xe] Code: ff c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 54 53 <83> bf f8 11 00 00 02 75 61 41 89 f4 85 f6 74 52 48 8b 47 08 48 89 RSP: 0018:ffffc9000f7c39b8 EFLAGS: 00010202 RAX: ffffffffa04d8660 RBX: ffff88813e3e4000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000f7c39c8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888101a48800 R13: ffff88813e3e4150 R14: ffff888130d0d008 R15: ffff88813e3e40d0 FS: 00007877d3d0d940(0000) GS:ffff88890b6d3000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000011f8 CR3: 000000015a762000 CR4: 0000000000f52ef0 PKRU: 55555554 Call Trace: <TASK> xe_vfio_pci_reset_done+0x49/0x120 [xe_vfio_pci] pci_dev_restore+0x3b/0x80 pci_reset_function+0x109/0x140 reset_store+0x5c/0xb0 dev_attr_store+0x17/0x40 sysfs_kf_write+0x72/0x90 kernfs_fop_write_iter+0x161/0x1f0 vfs_write+0x261/0x440 ksys_write+0x69/0xf0 __x64_sys_write+0x19/0x30 x64_sys_call+0x259/0x26e0 do_syscall_64+0xcb/0x1500 ? __fput+0x1a2/0x2d0 ? fput_close_sync+0x3d/0xa0 ? __x64_sys_close+0x3e/0x90 ? x64_sys_call+0x1b7c/0x26e0 ? do_syscall_64+0x109/0x1500 ? __task_pid_nr_ns+0x68/0x100 ? __do_sys_getpid+0x1d/0x30 ? x64_sys_call+0x10b5/0x26e0 ? do_syscall_64+0x109/0x1500 ? putname+0x41/0x90 ? do_faccessat+0x1e8/0x300 ? __x64_sys_access+0x1c/0x30 ? x64_sys_call+0x1822/0x26e0 ? do_syscall_64+0x109/0x1500 ? tick_program_event+0x43/0xa0 ? hrtimer_interrupt+0x126/0x260 ? irqentry_exit+0xb2/0x710 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7877d5f1c5a4 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d a5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007fff48e5f908 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007877d5f1c5a4 RDX: 0000000000000001 RSI: 00007877d621b0c9 RDI: 0000000000000009 RBP: 0000000000000001 R08: 00005fb49113b010 R09: 0000000000000007 R10: 0000000000000000 R11: 0000000000000202 R12: 00007877d621b0c9 R13: 0000000000000009 R14: 00007fff48e5fac0 R15: 00007fff48e5fac0 </TASK> This is caused by the fact that some of the xe_vfio_pci_core_device members needed for handling reset are only initialized as part of migration init. Fix the problem by reorganizing the code to decouple VF init from migration init.
Use-after-free in Linux kernel Bluetooth Intel driver enables local privilege escalation to kernel code execution. Affects Linux kernel 4.3 through 7.0-rc5, with patches available in versions 6.6.131, 6.12.80, 6.18.21, 6.19.11, and 7.0. Exploitation requires local authenticated access with low privileges (CVSS PR:L). EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. No public exploit code or active exploitation confirmed at time of analysis, though technical details in CVE description provide implementation roadmap.
Use of a default cryptographic key in Intel Pentium Processor Silver Series, Celeron Processor J Series, and Celeron Processor N Series hardware allows privilege escalation when a hardware reverse engineer with privileged user access performs a high-complexity physical attack with special internal knowledge. The vulnerability has a CVSS score of 5.8 with physical attack vector (AV:P) and high attack complexity (AC:H), requiring privileged access (PR:H) and special attack time requirements (AT:P). No public exploit code or active CISA KEV designation has been identified.
Attested TLS relay attacks in Cocos AI confidential computing system versions 0.4.0 through 0.8.2 enable attackers to impersonate genuine TEE-protected services on AMD SEV-SNP and Intel TDX platforms by extracting ephemeral TLS private keys and redirecting authenticated sessions. The architectural flaw allows an attacker with physical access or side-channel capabilities to relay attestation evidence to a different endpoint, breaking the authentication binding between the TEE and the client. No vendor-released patch is available; the vulnerability affects a specialized confidential computing platform with low EPSS probability (formal EPSS score not provided in input) and no public exploit identified at time of analysis, though formal ProVerif verification confirms the attack feasibility.
A downgrade vulnerability affecting Intel-based Mac computers allows malicious applications to bypass code-signing restrictions and access user-sensitive data. The vulnerability impacts macOS Sequoia (versions before 15.7.5), macOS Sonoma (versions before 14.8.5), macOS Tahoe (versions before 26.3 and 26.4), and affects all Intel-based Mac systems running vulnerable versions. An attacker can craft an application that exploits insufficient code-signing validation to downgrade security protections and exfiltrate sensitive user information.
This vulnerability in Intel EPT (Extended Page Tables) paging code within Xen allows information disclosure through a use-after-free condition in cached EPT state management. When paging structures are freed before cached EPT state is flushed, stale entries can persist in the EPT cache pointing to memory ranges outside the guest's intended ownership, enabling unauthorized memory access. Xen across multiple versions is affected, with Ubuntu tracking the issue at medium priority across 7 releases and Debian across 7 releases, making this a widespread concern for virtualization infrastructure.
A NULL pointer dereference in the Intel ice network driver's ice_vsi_set_napi_queues() function can cause a kernel crash on Linux systems during suspend/resume operations when ring queue vectors are improperly initialized. Local users with standard privileges can trigger this denial of service condition through standard power management operations like systemctl suspend. No patch is currently available for this vulnerability affecting Linux kernel v6.18 and the Intel E810 Ethernet adapter family.
Privilege escalation in Intel QuickAssist Technology (QAT) on certain Intel platforms allows a system-software adversary already holding privileged (Ring 0 / kernel-level) access to read and corrupt kernel state via an unprotected alternate hardware interface. The flaw stems from a missing protection mechanism on a secondary hardware control path, yielding high confidentiality and integrity impact but no availability loss. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and it is not listed in CISA KEV.
Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. [CVSS 2.8 LOW]
Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. [CVSS 6.7 MEDIUM]
Graphics Software versions up to 25.30.1702.0 contains a vulnerability that allows attackers to an escalation of privilege (CVSS 6.7).
Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. [CVSS 6.5 MEDIUM]
Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. [CVSS 5.3 MEDIUM]
Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. [CVSS 6.0 MEDIUM]
Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. [CVSS 6.0 MEDIUM]
The Intel XWay PHY driver in the Linux kernel fails to properly release device tree node references, causing memory leaks that can degrade system stability over time. Local users with sufficient privileges can trigger this refcount leakage through repeated device tree operations, potentially leading to denial of service conditions as memory resources become exhausted.
KVM on Linux with Intel processors fails to properly clear XSTATE_BV flags when XFD (eXtended Feature Disable) is set, causing kernel panic when XRSTOR attempts to restore disabled CPU features. A local attacker with guest OS access can trigger this denial of service by manipulating XSAVE state through KVM_SET_XSAVE or guest WRMSR operations. No patch is currently available for this medium-severity vulnerability.
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past (similar to what is done in update_target_expiration()).
In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nm_edac driver on some Intel Granite Rapids. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640.
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback In create_sdw_dailink() check that sof_end->codec_info->add_sidecar. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error When running perf_fuzzer on PTL, sometimes the below "unchecked MSR access. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640.
Uncontrolled search path for the Intel MPI Library before version 2021.16 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.
Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Improper conditions check for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled search path for some FPGA Support Package for the Intel oneAPI DPC++C++ Compiler software before version 2025.0.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper access control for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow a denial of service. Rated low severity (CVSS 2.0). No vendor patch available.
Uncontrolled search path for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper input validation for some Intel(R) oneAPI Math Kernel Library before version 2025.2 within Ring 3: User Applications may allow a denial of service. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions for some Intel(R) Thread Director Visualizer software before version 1.1.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.7). No vendor patch available.
Uncontrolled search path for some Intel(R) Graphics Software before version 25.22.1502.2 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack software before version 1.5.1.0 within Ring 3: User Applications may allow a denial of service. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper input validation for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled search path for some Intel Driver and Support Assistant before version 25.2 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Active debug code for some Intel UEFI reference platforms within Ring 0: Kernel may allow a denial of service and escalation of privilege. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled search path for some Intel(R) Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds write for some Intel(R) QAT Windows software before version 2.6.0. Rated high severity (CVSS 7.3). No vendor patch available.
Improper neutralization for some Intel(R) Neural Compressor software before version v3.4 within Ring 3: User Applications may allow an escalation of privilege. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Untrusted pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Local privilege-impacting memory corruption in the Linux kernel's Intel ice network driver allows a double-free of a transmit buffer's skb when the TX offload paths fail. When ice_tso() or ice_tx_csum() return an error, ice_xmit_frame_ring() frees the skb but leaves the 'first' tx_buf still marked ICE_TX_BUF_SKB, so a later ice_clean_tx_ring() during interface teardown frees the same skb a second time. Carries a CVSS 3.1 base of 7.8 (AV:L/PR:L), but with a low EPSS of 0.15% (5th percentile), no KEV listing, and no public exploit identified at time of analysis.
Error pointer dereference in the Linux kernel's Intel IPU6 media driver crashes the kernel during a failed probe, resulting in local denial of service. The flaw resides in `ipu6_pci_probe()` at `drivers/media/pci/intel/ipu6/ipu6.c:690`, where `isp->psys` holds an ERR_PTR value rather than NULL in a specific error path, causing it to be dereferenced during cleanup rather than handled safely. No public exploit exists and EPSS sits at 0.02% (5th percentile), reflecting negligible real-world exploitation interest.
Broken LBR MSR save/restore in the Linux kernel KVM/SVM subsystem allows a low-privileged local attacker to cause high-impact availability failures in virtualized environments running on AMD SVM hardware. MSR_IA32_DEBUGCTLMSR and Last Branch Record (LBR) MSRs are not enumerated by KVM_GET_MSR_INDEX_LIST and cannot be set via KVM_SET_MSRS, meaning VM state is not correctly preserved across save/restore or live migration cycles, particularly when L2 guests are running. No public exploit has been identified at time of analysis, and EPSS of 0.02% indicates very low exploitation probability, but the flaw affects a foundational hypervisor state management path on production AMD virtualization infrastructure.
Race condition in the Linux kernel's Intel VT-d IOMMU driver allows a local low-privileged attacker to trigger inconsistent PASID table state during domain replacement, potentially producing spurious IOMMU faults and unpredictable DMA behavior with cross-scope impact. The flaw stems from non-atomic updates to 512-bit PASID entries while the Present bit is set, and no public exploit identified at time of analysis despite a high CVSS score driven by the scope-changed local attack surface.
Kernel memory corruption in the Linux iWARP Connection Manager (RDMA/iwcm) subsystem can crash systems running RDMA workloads on iWARP-capable hardware such as Intel E830 adapters. The bug, introduced by commit e1168f0 ('RDMA/iwcm: Simplify cm_event_handler()'), causes workqueue list corruption when iwcm_work items from a free list are reused while still queued, triggering a kernel BUG and panic. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile), despite a CVSS base score of 9.8.
Out-of-bounds array access in the Linux kernel's Intel Discrete Graphics MTD driver (mtd_intel_dg.c) lets a local actor trigger kernel memory corruption when the driver enumerates NVM regions before nregions is initialized. The flaw, caught by UBSAN as an array-index-out-of-bounds at line 750, affects systems running kernel 6.17 through the pre-patch 6.18/6.19 series with Intel discrete graphics hardware. No public exploit identified at time of analysis, and EPSS exploitation probability is negligible (0.02%, 4th percentile).
Race condition in Linux kernel Intel VT-d IOMMU driver (iommu/vt-d) allows torn reads of Scalable Mode PASID table entries during teardown, producing unpredictable behavior or spurious faults on systems with Intel VT-d enabled. The flaw stems from zeroing the entire 64-byte PASID entry while the Present bit is still set, violating the VT-d spec's invalidation guidance. No public exploit identified at time of analysis, and EPSS is very low (0.02%), but a vendor patch is available across multiple stable branches.
NULL pointer dereference in the Linux kernel's Intel ISH HID subsystem (`intel_ishtp` module) causes a kernel panic and local denial of service during warm reset operations. The `ishtp_bus_remove_all_clients()` function dereferences `cl->device->reference_count` without a NULL guard, which is reachable when a firmware reset interrupts ISH client enumeration mid-flight. No public exploit or active exploitation (CISA KEV) exists; EPSS probability is 0.02% at the 5th percentile, consistent with a timing-dependent, hardware-specific kernel crash path.
Denial of service in the Linux kernel's EFI unaccepted-memory handling allows a boot-time kernel panic on confidential-computing guests, affecting kernels from 6.6 through the 6.19/7.0 development line. The reserve_unaccepted() routine miscalculates the memblock reservation size when the unaccepted memory table is not page-aligned, leaving the table's tail unreserved so it can be overwritten or rendered inaccessible, triggering a panic in accept_memory(). It is observed on Intel TDX VMs with larger memory sizes (e.g. >64GB); there is no public exploit identified at time of analysis and EPSS is negligible (0.02%).
Traffic Management Microkernel (TMM) crashes in F5 BIG-IP Virtual Edition and hardware platforms when SSL profiles are configured without hardware crypto acceleration, allowing remote unauthenticated attackers to cause denial of service via undisclosed traffic patterns. CVSS 7.5 (High) with network attack vector and no prerequisites. EPSS data not provided, no CISA KEV listing identified, indicating theoretical rather than observed exploitation. Vendor patch available per F5 advisory K000158082.
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.
Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially occur via network access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts.
Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.
Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (high) impacts.
Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Integer overflow in Linux kernel's i915 graphics driver corrupts memory mapping for DRM/GEM shmem objects larger than 4GB, causing kernel warnings, potential crashes, and incorrect memory access when Intel graphics hardware processes large buffer objects. The vulnerability manifests when scatterlist length fields overflow during folio page allocation, leading to premature termination of backing page iteration. Patch available across multiple stable kernel branches (6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0) per upstream commits. EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.
Die ID initialization and lookup bugs in the Linux kernel's Intel uncore performance monitoring subsystem (perf/x86/intel/uncore) can cause a reachable assertion trigger or silent loss of PMON unit visibility on Intel Sapphire Rapids (SPR) and Emerald Rapids (EMR) server hardware. Authenticated local users on affected systems may crash the kernel via the WARN_ON_ONCE reachable assertion (CWE-617) or, when NUMA is disabled on a NUMA-capable platform, cause all uncore PMON units to be silently dropped from the RB tree - rendering hardware performance monitoring inoperative. No public exploit exists and EPSS is 0.02%, indicating no active exploitation pressure at time of analysis.
Hard-lock denial of service in the Linux kernel's Intel VT-d IOMMU subsystem affects systems running PCIe passthrough configurations (QEMU, DPDK) without scalable mode enabled. When a PCIe endpoint's link drops - through surprise removal, link fault, or process termination - the kernel enters an indefinite wait inside qi_submit_sync() attempting an ATS invalidation that the disconnected device can never acknowledge. The existing partial fix (commit 4fc82cd907ac) guards this path only when Intel IOMMU scalable mode is active, leaving non-scalable-mode deployments unprotected. No public exploit identified at time of analysis and EPSS is 0.02%, but the impact is a complete host freeze with no recovery path short of power cycling.
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopback capture for echo reference where we use the dummy DAI link. Return the error when the widget is not set to avoid a null pointer dereference like below when the topology is broken. RIP: 0010:hda_dai_get_ops.isra.0+0x14/0xa0 [snd_sof_intel_hda_common]
Out-of-bounds array write in the Linux kernel's Intel uncore PMU driver (`perf/x86/intel/uncore`) causes denial of service on affected Intel multi-die x86 systems. The driver fails to skip discovery table parsing for dies whose CPUs are all offline at boot, allowing the assignment `pmu->boxes[die] = box` in `uncore_pci_pmu_register()` to overflow the boxes array, triggering a kernel WARN or potential memory corruption. Exploitation requires local low-privilege access under a specific hardware and boot configuration; no public exploit exists and EPSS is 0.02%, indicating negligible real-world exploitation likelihood.
Stack buffer overflow in Sandboxie-Plus SbieSvc proxy service enables SYSTEM privilege escalation from sandboxed processes, including Security Hardened Sandboxes. Attackers chain an information disclosure (returning up to 32KB uninitialized stack memory with ASLR/stack cookie bypass) with an unbounded memcpy overflow in the GetRawInputDeviceInfoSlave IPC handler. Intel CET shadow stacks block ROP exploitation but not the information leak itself. Vendor-released patch available in version 1.17.3. No public exploit identified at time of analysis, but attack complexity is rated high (AC:H) with low privilege requirements (PR:L), making this viable for motivated attackers targeting sandbox environments.
In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc() repeatedly returns the full budget, preventing napi_complete_done() from clearing NAPI_STATE_SCHED. igb_down() calls napi_synchronize() before napi_disable() for each queue vector. napi_synchronize() spins waiting for NAPI_STATE_SCHED to clear, which never happens. igb_down() blocks indefinitely, the TX watchdog fires, and the TX queue remains permanently stalled. napi_disable() already handles this correctly: it sets NAPI_STATE_DISABLE. After a full-budget poll, __napi_poll() checks napi_disable_pending(). If set, it forces completion and clears NAPI_STATE_SCHED, breaking the loop that napi_synchronize() cannot. napi_synchronize() was added in commit 41f149a285da ("igb: Fix possible panic caused by Rx traffic arrival while interface is down"). napi_disable() provides stronger guarantees: it prevents further scheduling and waits for any active poll to exit. Other Intel drivers (ixgbe, ice, i40e) use napi_disable() without a preceding napi_synchronize() in their down paths. Remove redundant napi_synchronize() call and reorder napi_disable() before igb_set_queue_napi() so the queue-to-NAPI mapping is only cleared after polling has fully stopped.
In the Linux kernel, the following vulnerability has been resolved: vfio/xe: Reorganize the init to decouple migration from reset Attempting to issue reset on VF devices that don't support migration leads to the following: BUG: unable to handle page fault for address: 00000000000011f8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 7443 Comm: xe_sriov_flr Tainted: G S U 7.0.0-rc1-lgci-xe-xe-4588-cec43d5c2696af219-nodebug+ #1 PREEMPT(lazy) Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023 RIP: 0010:xe_sriov_vfio_wait_flr_done+0xc/0x80 [xe] Code: ff c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 54 53 <83> bf f8 11 00 00 02 75 61 41 89 f4 85 f6 74 52 48 8b 47 08 48 89 RSP: 0018:ffffc9000f7c39b8 EFLAGS: 00010202 RAX: ffffffffa04d8660 RBX: ffff88813e3e4000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000f7c39c8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888101a48800 R13: ffff88813e3e4150 R14: ffff888130d0d008 R15: ffff88813e3e40d0 FS: 00007877d3d0d940(0000) GS:ffff88890b6d3000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000011f8 CR3: 000000015a762000 CR4: 0000000000f52ef0 PKRU: 55555554 Call Trace: <TASK> xe_vfio_pci_reset_done+0x49/0x120 [xe_vfio_pci] pci_dev_restore+0x3b/0x80 pci_reset_function+0x109/0x140 reset_store+0x5c/0xb0 dev_attr_store+0x17/0x40 sysfs_kf_write+0x72/0x90 kernfs_fop_write_iter+0x161/0x1f0 vfs_write+0x261/0x440 ksys_write+0x69/0xf0 __x64_sys_write+0x19/0x30 x64_sys_call+0x259/0x26e0 do_syscall_64+0xcb/0x1500 ? __fput+0x1a2/0x2d0 ? fput_close_sync+0x3d/0xa0 ? __x64_sys_close+0x3e/0x90 ? x64_sys_call+0x1b7c/0x26e0 ? do_syscall_64+0x109/0x1500 ? __task_pid_nr_ns+0x68/0x100 ? __do_sys_getpid+0x1d/0x30 ? x64_sys_call+0x10b5/0x26e0 ? do_syscall_64+0x109/0x1500 ? putname+0x41/0x90 ? do_faccessat+0x1e8/0x300 ? __x64_sys_access+0x1c/0x30 ? x64_sys_call+0x1822/0x26e0 ? do_syscall_64+0x109/0x1500 ? tick_program_event+0x43/0xa0 ? hrtimer_interrupt+0x126/0x260 ? irqentry_exit+0xb2/0x710 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7877d5f1c5a4 Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d a5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007fff48e5f908 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007877d5f1c5a4 RDX: 0000000000000001 RSI: 00007877d621b0c9 RDI: 0000000000000009 RBP: 0000000000000001 R08: 00005fb49113b010 R09: 0000000000000007 R10: 0000000000000000 R11: 0000000000000202 R12: 00007877d621b0c9 R13: 0000000000000009 R14: 00007fff48e5fac0 R15: 00007fff48e5fac0 </TASK> This is caused by the fact that some of the xe_vfio_pci_core_device members needed for handling reset are only initialized as part of migration init. Fix the problem by reorganizing the code to decouple VF init from migration init.
Use-after-free in Linux kernel Bluetooth Intel driver enables local privilege escalation to kernel code execution. Affects Linux kernel 4.3 through 7.0-rc5, with patches available in versions 6.6.131, 6.12.80, 6.18.21, 6.19.11, and 7.0. Exploitation requires local authenticated access with low privileges (CVSS PR:L). EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. No public exploit code or active exploitation confirmed at time of analysis, though technical details in CVE description provide implementation roadmap.
Use of a default cryptographic key in Intel Pentium Processor Silver Series, Celeron Processor J Series, and Celeron Processor N Series hardware allows privilege escalation when a hardware reverse engineer with privileged user access performs a high-complexity physical attack with special internal knowledge. The vulnerability has a CVSS score of 5.8 with physical attack vector (AV:P) and high attack complexity (AC:H), requiring privileged access (PR:H) and special attack time requirements (AT:P). No public exploit code or active CISA KEV designation has been identified.
Attested TLS relay attacks in Cocos AI confidential computing system versions 0.4.0 through 0.8.2 enable attackers to impersonate genuine TEE-protected services on AMD SEV-SNP and Intel TDX platforms by extracting ephemeral TLS private keys and redirecting authenticated sessions. The architectural flaw allows an attacker with physical access or side-channel capabilities to relay attestation evidence to a different endpoint, breaking the authentication binding between the TEE and the client. No vendor-released patch is available; the vulnerability affects a specialized confidential computing platform with low EPSS probability (formal EPSS score not provided in input) and no public exploit identified at time of analysis, though formal ProVerif verification confirms the attack feasibility.
A downgrade vulnerability affecting Intel-based Mac computers allows malicious applications to bypass code-signing restrictions and access user-sensitive data. The vulnerability impacts macOS Sequoia (versions before 15.7.5), macOS Sonoma (versions before 14.8.5), macOS Tahoe (versions before 26.3 and 26.4), and affects all Intel-based Mac systems running vulnerable versions. An attacker can craft an application that exploits insufficient code-signing validation to downgrade security protections and exfiltrate sensitive user information.
This vulnerability in Intel EPT (Extended Page Tables) paging code within Xen allows information disclosure through a use-after-free condition in cached EPT state management. When paging structures are freed before cached EPT state is flushed, stale entries can persist in the EPT cache pointing to memory ranges outside the guest's intended ownership, enabling unauthorized memory access. Xen across multiple versions is affected, with Ubuntu tracking the issue at medium priority across 7 releases and Debian across 7 releases, making this a widespread concern for virtualization infrastructure.
A NULL pointer dereference in the Intel ice network driver's ice_vsi_set_napi_queues() function can cause a kernel crash on Linux systems during suspend/resume operations when ring queue vectors are improperly initialized. Local users with standard privileges can trigger this denial of service condition through standard power management operations like systemctl suspend. No patch is currently available for this vulnerability affecting Linux kernel v6.18 and the Intel E810 Ethernet adapter family.
Privilege escalation in Intel QuickAssist Technology (QAT) on certain Intel platforms allows a system-software adversary already holding privileged (Ring 0 / kernel-level) access to read and corrupt kernel state via an unprotected alternate hardware interface. The flaw stems from a missing protection mechanism on a secondary hardware control path, yielding high confidentiality and integrity impact but no availability loss. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and it is not listed in CISA KEV.
Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. [CVSS 2.8 LOW]
Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. [CVSS 6.7 MEDIUM]
Graphics Software versions up to 25.30.1702.0 contains a vulnerability that allows attackers to an escalation of privilege (CVSS 6.7).
Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. [CVSS 6.5 MEDIUM]
Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. [CVSS 5.3 MEDIUM]
Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. [CVSS 6.0 MEDIUM]
Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. [CVSS 6.0 MEDIUM]
The Intel XWay PHY driver in the Linux kernel fails to properly release device tree node references, causing memory leaks that can degrade system stability over time. Local users with sufficient privileges can trigger this refcount leakage through repeated device tree operations, potentially leading to denial of service conditions as memory resources become exhausted.
KVM on Linux with Intel processors fails to properly clear XSTATE_BV flags when XFD (eXtended Feature Disable) is set, causing kernel panic when XRSTOR attempts to restore disabled CPU features. A local attacker with guest OS access can trigger this denial of service by manipulating XSAVE state through KVM_SET_XSAVE or guest WRMSR operations. No patch is currently available for this medium-severity vulnerability.
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past (similar to what is done in update_target_expiration()).
In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nm_edac driver on some Intel Granite Rapids. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640.
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback In create_sdw_dailink() check that sof_end->codec_info->add_sidecar. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error When running perf_fuzzer on PTL, sometimes the below "unchecked MSR access. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640.
Uncontrolled search path for the Intel MPI Library before version 2021.16 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.
Untrusted pointer dereference for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Improper conditions check for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled search path for some FPGA Support Package for the Intel oneAPI DPC++C++ Compiler software before version 2025.0.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper access control for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow a denial of service. Rated low severity (CVSS 2.0). No vendor patch available.
Uncontrolled search path for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper input validation for some Intel(R) oneAPI Math Kernel Library before version 2025.2 within Ring 3: User Applications may allow a denial of service. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions for some Intel(R) Thread Director Visualizer software before version 1.1.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.7). No vendor patch available.
Uncontrolled search path for some Intel(R) Graphics Software before version 25.22.1502.2 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack software before version 1.5.1.0 within Ring 3: User Applications may allow a denial of service. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper input validation for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled search path for some Intel Driver and Support Assistant before version 25.2 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Active debug code for some Intel UEFI reference platforms within Ring 0: Kernel may allow a denial of service and escalation of privilege. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled search path for some Intel(R) Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds write for some Intel(R) QAT Windows software before version 2.6.0. Rated high severity (CVSS 7.3). No vendor patch available.
Improper neutralization for some Intel(R) Neural Compressor software before version v3.4 within Ring 3: User Applications may allow an escalation of privilege. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Untrusted pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.