Intel
Monthly
Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.
Uncontrolled search path for some Intel(R) DSA software before version 25.2.15.9 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege. Rated medium severity (CVSS 4.5). No vendor patch available.
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 8.8). No vendor patch available.
Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. No vendor patch available.
Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.
Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.8). No vendor patch available.
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.8). No vendor patch available.
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of. Rated low severity (CVSS 2.0). No vendor patch available.
Improper access control in some firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software before version MR4_1.0b1 may allow a privileged user to potentially enable escalation. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of. Rated high severity (CVSS 7.0). No vendor patch available.
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable. Rated high severity (CVSS 8.8). No vendor patch available.
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 8.8). No vendor patch available.
Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 1.8), this vulnerability is low attack complexity. No vendor patch available.
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.3). No vendor patch available.
Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 7.3). No vendor patch available.
Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4). No vendor patch available.
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 8.8). No vendor patch available.
Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0). No vendor patch available.
Uncontrolled search path element for some Intel(R) Driver & Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 6.9). No vendor patch available.
Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper conditions check for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.110.0.5 may allow an unauthenticated user to potentially enable denial of service via adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.
Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3). No vendor patch available.
Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.
Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Missing release of memory after effective lifetime in the UEFI OobRasMmbiHandlerDriver module for some Intel(R) reference server platforms may allow a privileged user to enable denial of service via. Rated medium severity (CVSS 5.6). No vendor patch available.
Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.0). No vendor patch available.
Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all verions may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.8). No vendor patch available.
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.1). No vendor patch available.
Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.7). No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab->obj_exts always When memory allocation profiling is disabled at runtime or due to an error,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.
Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 6.8). No vendor patch available.
Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled resource consumption for some OpenVINO™ model server software maintained by Intel(R) before version 2024.4 may allow an unauthenticated user to potentially enable denial of service via. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.8). No vendor patch available.
Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.6). No vendor patch available.
Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.
Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0). No vendor patch available.
Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of. Rated medium severity (CVSS 5.4). No vendor patch available.
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an. Rated medium severity (CVSS 5.7). No vendor patch available.
Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 5.7). No vendor patch available.
Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.
Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.
Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.7). No vendor patch available.
Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.1). No vendor patch available.
Time-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to enable escalation of privilege via. Rated high severity (CVSS 8.7). No vendor patch available.
Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.
NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.
Uncontrolled search path for some Intel(R) DSA software before version 25.2.15.9 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege. Rated medium severity (CVSS 4.5). No vendor patch available.
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 8.8). No vendor patch available.
Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. No vendor patch available.
Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.
Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.8). No vendor patch available.
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.8). No vendor patch available.
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of. Rated low severity (CVSS 2.0). No vendor patch available.
Improper access control in some firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software before version MR4_1.0b1 may allow a privileged user to potentially enable escalation. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of. Rated high severity (CVSS 7.0). No vendor patch available.
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable. Rated high severity (CVSS 8.8). No vendor patch available.
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 8.8). No vendor patch available.
Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 1.8), this vulnerability is low attack complexity. No vendor patch available.
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.3). No vendor patch available.
Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 7.3). No vendor patch available.
Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4). No vendor patch available.
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 8.8). No vendor patch available.
Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0). No vendor patch available.
Uncontrolled search path element for some Intel(R) Driver & Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 6.9). No vendor patch available.
Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper conditions check for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.110.0.5 may allow an unauthenticated user to potentially enable denial of service via adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.
Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3). No vendor patch available.
Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.
Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Missing release of memory after effective lifetime in the UEFI OobRasMmbiHandlerDriver module for some Intel(R) reference server platforms may allow a privileged user to enable denial of service via. Rated medium severity (CVSS 5.6). No vendor patch available.
Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.0). No vendor patch available.
Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all verions may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.8). No vendor patch available.
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.1). No vendor patch available.
Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.7). No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab->obj_exts always When memory allocation profiling is disabled at runtime or due to an error,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.
Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 6.8). No vendor patch available.
Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled resource consumption for some OpenVINO™ model server software maintained by Intel(R) before version 2024.4 may allow an unauthenticated user to potentially enable denial of service via. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.8). No vendor patch available.
Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.6). No vendor patch available.
Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.
Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0). No vendor patch available.
Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of. Rated medium severity (CVSS 5.4). No vendor patch available.
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an. Rated medium severity (CVSS 5.7). No vendor patch available.
Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.
Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 5.7). No vendor patch available.
Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.
Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.
Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Out-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.7). No vendor patch available.
Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.1). No vendor patch available.
Time-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to enable escalation of privilege via. Rated high severity (CVSS 8.7). No vendor patch available.
Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.
NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.