Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    3276 vulnerabilities by Intel

    CERTFR-2026-AVI-0582

    Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13

    De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Intel N/A AI Playground versions antérieures à 3.0.0 alpha
    Intel N/A pilotes NPU pour Linux versions antérieures à 1.26.0
    Intel les processeurs Intel Core i5-1145G7E/GRE
    Intel N/A pilotes Display Virtualization pour windows versions antérieures à 2119
    Intel N/A pilotes Ethernet 800 Series pour Linuxversions antérieures à 2.3.14
    Intel les processeurs Intel Core i7-1185G7E/GRE
    Intel les processeurs Intel Atom Processor E3900 Series
    Intel les processeurs Intel Core i3-11100HE
    Intel les processeurs Intel Core i3-1115GRE/G4E
    Intel les processeurs Intel Xeon W-11865MLE/MRE
    Intel les processeurs Intel 10th Generation Intel Core Processor Family
    Intel N/A Connectivity Performance Suite versions antérieures à 50.25.1121.193
    Intel les processeurs Intel Core i5-11500HE
    Intel N/A EMA versions antéieures à 1.14.5
    Intel les processeurs Intel Core Ultra 200S Series Processors
    Intel N/A Server Firmware Update Utility versions antérieures à 16.0.12
    Intel N/A Vision toutes versions
    Intel les processeurs Intel Panther Lake H 4P+8E+4LP_E+12Xe Product
    Intel les processeurs Intel Core Ultra Processors (Series 3)
    Intel les processeurs Intel Core i7-11850HE
    Intel les processeurs Intel Celeron 6600HE/HLE
    Intel les processeurs Intel Xeon Processor D Family
    Intel les processeurs Intel Xeon W-11155MLE/MRE
    Intel les processeurs Intel Core Ultra Processors (Series 2)
    Intel N/A pilotes QAT pour Windows versions 1.x antérieures à 1.13
    Intel les processeurs Intel 5th Generation Xeon Scalable processor
    Intel les processeurs Intel 11th Generation Intel Core Processor Family
    Intel les processeurs Intel Xeon Processor E Family
    Intel les processeurs Intel 4th Generation Xeon Scalable processor
    Intel N/A pilotes QAT pour Windows versions 2.x antérieures à 2.6.0
    Intel N/A pilotes Data Center Graphics pour VMware ESXi versions antérieures à 2.0.2
    Intel les processeurs Intel Celeron 6305E/RE
    Intel N/A pilotes NPU pour Windows versions antérieures à 32.0.100.4511
    Intel les processeurs Intel Core Ultra Family
    Intel les processeurs Intel Celeron Processor Family
    Intel les processeurs Intel Xeon W-11555MLE/MRE
    Intel les processeurs Intel 12th Generation Intel Core Processor Family
    Intel les processeurs Intel Pentium Gold Processor Family
    Intel les processeurs Intel 13th Generation Intel Core Processor Family
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "AI Playground versions ant\u00e9rieures \u00e0 3.0.0 alpha",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "pilotes NPU pour Linux versions ant\u00e9rieures \u00e0 1.26.0",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Core i5-1145G7E/GRE",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "pilotes Display Virtualization pour windows versions ant\u00e9rieures \u00e0 2119",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "pilotes Ethernet 800 Series pour Linuxversions ant\u00e9rieures \u00e0 2.3.14",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Core i7-1185G7E/GRE",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Atom Processor E3900 Series",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Core i3-11100HE",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Core i3-1115GRE/G4E",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Xeon W-11865MLE/MRE",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "10th Generation Intel Core Processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Connectivity Performance Suite versions ant\u00e9rieures \u00e0 50.25.1121.193",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Core i5-11500HE",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "EMA versions ant\u00e9ieures \u00e0 1.14.5",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": " Core Ultra 200S Series Processors",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Server Firmware Update Utility versions ant\u00e9rieures \u00e0 16.0.12",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Vision toutes versions",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "\nPanther Lake H 4P+8E+4LP_E+12Xe Product",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Core Ultra Processors (Series 3) ",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Core i7-11850HE",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Celeron 6600HE/HLE",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Xeon Processor D Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Xeon W-11155MLE/MRE",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Core Ultra Processors (Series 2)",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "pilotes QAT pour Windows versions 1.x ant\u00e9rieures \u00e0 1.13",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": " 5th Generation Xeon Scalable processor",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "11th Generation Intel Core Processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Xeon Processor E Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "4th Generation Xeon Scalable processor",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "pilotes QAT pour Windows versions 2.x ant\u00e9rieures \u00e0 2.6.0",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "pilotes Data Center Graphics pour VMware ESXi versions ant\u00e9rieures \u00e0 2.0.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Celeron 6305E/RE",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "pilotes NPU pour Windows versions ant\u00e9rieures \u00e0 32.0.100.4511",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Core Ultra Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Celeron Processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Xeon W-11555MLE/MRE",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "12th Generation Intel Core Processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Pentium Gold Processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "13th Generation Intel Core Processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [],
      "initial_release_date": "2026-05-13T00:00:00",
      "last_revision_date": "2026-05-13T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0582",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-13T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
      "vendor_advisories": [
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01457",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01457.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01387",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01429",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01429.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01410",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01410.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01425",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01425.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01426",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01426.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01424",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01424.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01413",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01413.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01438",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01438.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01402",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01402.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01430",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01430.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01420",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01434",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01434.html"
        }
      ]
    }

    CERTFR-2026-AVI-0261

    Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11

    De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer une élévation de privilèges et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Intel les processeurs Intel Intel Xeon D processor Family
    Intel les processeurs Intel Intel Core X-series Processors
    Intel les processeurs Intel 8th Generation Intel Core Processor Family
    Intel les processeurs Intel Intel Atom Processor X Series
    Intel les processeurs Intel Intel Xeon W processor 2200 series
    Intel les processeurs Intel Intel Xeon Scalable processor family
    Intel les processeurs Intel Intel Atom Processors
    Intel les processeurs Intel Intel Xeon 6
    Intel les processeurs Intel Intel Atom C5000 and P5000 Product Family
    Intel les processeurs Intel 10th Generation Intel Core Processor Family
    Intel les processeurs Intel Intel Xeon W processor 2100 series Intel Core X-series processor
    Intel les processeurs Intel Intel Xeon Processor E7 v3 Family
    Intel les processeurs Intel Intel Core Ultra Processors Series 1
    Intel les processeurs Intel 3rd Generation Intel Xeon Scalable Processor Family
    Intel les processeurs Intel 7th Generation Intel Core Processor Family
    Intel les processeurs Intel Intel Atom C processor Family
    Intel les processeurs Intel 9th Generation Intel Core Processor Family
    Intel les processeurs Intel Intel Xeon Processor D NS Family
    Intel les processeurs Intel 5th Generation Intel Xeon Scalable Processors
    Intel les processeurs Intel Intel Core Ultra Processors Series 2
    Intel les processeurs Intel 13th Generation Intel Core Processors
    Intel les processeurs Intel 12th Generation Intel Core Processors
    Intel les processeurs Intel Intel Xeon E processor family
    Intel les processeurs Intel Intel Xeon Processor E5 v4 Family
    Intel les processeurs Intel Intel Atom Processors P6000
    Intel les processeurs Intel 2nd Generation Intel Xeon Scalable Processors
    Intel les processeurs Intel 1st Generation Intel Xeon Scalable processor
    Intel les processeurs Intel 11th Generation Intel Core Processors
    Intel les processeurs Intel 4th Generation Intel Xeon Scalable processors
    Intel les processeurs Intel Intel Xeon W Processor Family
    Intel les processeurs Intel Intel Xeon W processor 3100 series
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Intel Xeon D processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Core X-series Processors",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "8th Generation Intel Core Processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Atom Processor X Series",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Xeon W processor 2200 series",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Xeon Scalable processor family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Atom Processors",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Xeon 6",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Atom C5000 and P5000 Product Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "10th Generation Intel Core Processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Xeon W processor 2100 series\n\nIntel Core X-series processor",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Xeon Processor E7 v3 Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Core Ultra Processors Series 1",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "3rd Generation Intel Xeon Scalable Processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "7th Generation Intel Core Processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Atom C processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "9th Generation Intel Core Processor Family ",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Xeon Processor D NS Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "5th Generation Intel  Xeon Scalable Processors",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Core Ultra Processors Series 2",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "13th Generation Intel Core Processors\n\n",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "12th Generation Intel Core Processors",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Xeon E processor family ",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Xeon Processor E5 v4 Family ",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Atom Processors P6000",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "2nd Generation Intel Xeon Scalable Processors",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "1st Generation Intel Xeon Scalable processor",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "11th Generation Intel Core Processors",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "4th Generation Intel Xeon Scalable processors",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Xeon W Processor Family",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Xeon W processor 3100 series",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-20068",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20068"
        },
        {
          "name": "CVE-2025-22850",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22850"
        },
        {
          "name": "CVE-2025-20005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20005"
        },
        {
          "name": "CVE-2025-20027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20027"
        },
        {
          "name": "CVE-2025-22444",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22444"
        },
        {
          "name": "CVE-2025-20105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20105"
        },
        {
          "name": "CVE-2025-20073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20073"
        },
        {
          "name": "CVE-2025-20096",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20096"
        },
        {
          "name": "CVE-2025-20028",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20028"
        },
        {
          "name": "CVE-2025-20064",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20064"
        }
      ],
      "initial_release_date": "2026-03-11T00:00:00",
      "last_revision_date": "2026-03-11T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0261",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-03-11T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
      "vendor_advisories": [
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01234",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-01393",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01393.html"
        }
      ]
    }

    CERTFR-2026-AVI-0148

    Vulnerability from certfr_avis - Published: 2026-02-11 - Updated: 2026-02-11

    De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Intel les processeurs Intel Intel Optane PMem management software versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538.
    Intel les processeurs Intel AI Playground software versions antérieures à 2.6.1 beta.
    Intel les processeurs Intel Intel Server Firmware Update Utility software versions antérieures à 16.0.12.
    Intel les processeurs Intel BIOS and System Firmware Update Package (SFUP) for Windows and Linux for Intel Server M50FCP Family versions antérieures à R01.02.0004.
    Intel les processeurs Intel Intel oneAPI Base Toolkits versions antérieures à 2025.0.
    Intel les processeurs Intel Intel Server Chipset Driver Software versions antérieures à 10.1.20266.8668 for Windows for Intel Server Boards and Systems Based on Intel 741 Chipset.
    Intel les processeurs Intel Intel Battery Life Diagnostic Tool software versions antérieures à 2.7.
    Intel les processeurs Intel ESXi base driver (icen) for Intel 800 Series Ethernet versions antérieures à 2.2.2.0 (ESXi 8.0). ESXi base driver (icen) for Intel 800 Series Ethernet versions antérieures à 2.2.3.0 (ESXi 9.0).
    Intel les processeurs Intel Intel Server Board D50TNP Family BIOS and System Firmware Update Package (SFUP) for Windows and Linux versions antérieures à R01.01.0010.
    Intel les processeurs Intel Intel Server Board M50CYP Family BIOS and System Firmware Update Package (SFUP) for Windows and Linux versions antérieures à R01.01.0010.
    Intel les processeurs Intel BIOS and System Firmware Update Package (SFUP) for Windows and Linux for Intel Server D50DNP Family versions antérieures à R01.02.0004.
    Intel les processeurs Intel Intel MAS software versions antérieures à 2.5.2
    Intel les processeurs Intel System Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based versions antérieures à 16.0.12.
    Intel les processeurs Intel VTune Profiler software versions antérieures à 2025.0.
    Intel les processeurs Intel Intel Ethernet Adapters 800 Series Controllers and associated adapters versions 30.3 or later.
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Intel Optane PMem management software versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "AI Playground software versions ant\u00e9rieures \u00e0 2.6.1 beta.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Server Firmware Update Utility software versions ant\u00e9rieures \u00e0 16.0.12.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "BIOS and System Firmware Update Package (SFUP) for Windows and Linux for Intel Server M50FCP Family versions ant\u00e9rieures \u00e0 R01.02.0004.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel oneAPI Base Toolkits versions ant\u00e9rieures \u00e0 2025.0.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Server Chipset Driver Software versions ant\u00e9rieures \u00e0 10.1.20266.8668 for Windows for Intel Server Boards and Systems Based on Intel 741 Chipset.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Battery Life Diagnostic Tool software versions ant\u00e9rieures \u00e0 2.7.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "ESXi base driver (icen) for Intel 800 Series Ethernet versions ant\u00e9rieures \u00e0 2.2.2.0 (ESXi 8.0).\n\nESXi base driver (icen) for Intel 800 Series Ethernet versions ant\u00e9rieures \u00e0 2.2.3.0 (ESXi 9.0).",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Server Board D50TNP Family BIOS and System Firmware Update Package (SFUP) for Windows and Linux versions ant\u00e9rieures \u00e0 R01.01.0010.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Server Board M50CYP Family BIOS and System Firmware Update Package (SFUP) for Windows and Linux versions ant\u00e9rieures \u00e0 R01.01.0010.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "BIOS and System Firmware Update Package (SFUP) for Windows and Linux for Intel Server D50DNP Family versions ant\u00e9rieures \u00e0 R01.02.0004.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel MAS software versions ant\u00e9rieures \u00e0 2.5.2",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "System Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based versions ant\u00e9rieures \u00e0 16.0.12.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "VTune Profiler software versions ant\u00e9rieures \u00e0 2025.0.",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        },
        {
          "description": "Intel Ethernet Adapters 800 Series Controllers and associated adapters versions 30.3 or later.\n\n",
          "product": {
            "name": "les processeurs Intel",
            "vendor": {
              "name": "Intel",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-25058",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25058"
        },
        {
          "name": "CVE-2025-31944",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-31944"
        },
        {
          "name": "CVE-2025-22453",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22453"
        },
        {
          "name": "CVE-2025-32007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32007"
        },
        {
          "name": "CVE-2025-33030",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33030"
        },
        {
          "name": "CVE-2025-32003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32003"
        },
        {
          "name": "CVE-2025-32735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32735"
        },
        {
          "name": "CVE-2025-31655",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-31655"
        },
        {
          "name": "CVE-2025-32739",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32739"
        },
        {
          "name": "CVE-2025-27940",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27940"
        },
        {
          "name": "CVE-2025-32008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32008"
        },
        {
          "name": "CVE-2025-35992",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35992"
        },
        {
          "name": "CVE-2025-27535",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27535"
        },
        {
          "name": "CVE-2025-25210",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25210"
        },
        {
          "name": "CVE-2025-27243",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27243"
        },
        {
          "name": "CVE-2025-35998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35998"
        },
        {
          "name": "CVE-2025-35999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-35999"
        },
        {
          "name": "CVE-2025-31648",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-31648"
        },
        {
          "name": "CVE-2025-32467",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32467"
        },
        {
          "name": "CVE-2025-20080",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20080"
        },
        {
          "name": "CVE-2025-27572",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27572"
        },
        {
          "name": "CVE-2025-20106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20106"
        },
        {
          "name": "CVE-2025-36511",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36511"
        },
        {
          "name": "CVE-2025-32452",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32452"
        },
        {
          "name": "CVE-2025-22849",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22849"
        },
        {
          "name": "CVE-2025-32453",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32453"
        },
        {
          "name": "CVE-2025-22885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22885"
        },
        {
          "name": "CVE-2025-32092",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32092"
        },
        {
          "name": "CVE-2025-36522",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-36522"
        },
        {
          "name": "CVE-2025-30513",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30513"
        },
        {
          "name": "CVE-2025-27708",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27708"
        },
        {
          "name": "CVE-2025-20070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-20070"
        },
        {
          "name": "CVE-2025-24851",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24851"
        },
        {
          "name": "CVE-2025-30508",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30508"
        },
        {
          "name": "CVE-2025-27560",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27560"
        }
      ],
      "initial_release_date": "2026-02-11T00:00:00",
      "last_revision_date": "2026-02-11T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0148",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-02-11T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
      "vendor_advisories": [
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01323",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01323.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01414",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01414.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01315",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01315.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01408",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01408.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01401",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01401.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01396",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01396.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01171",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01171.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01403",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01403.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01406",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01406.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01265",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01265.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01412",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01412.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01385",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01385.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01397",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01397.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01314",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01314.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01325",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01325.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01411",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01411.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01415",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01415.html"
        },
        {
          "published_at": "2026-02-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01399",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01399.html"
        }
      ]
    }

    CVE-2026-20767 (GCVE-0-2026-20767)

    Vulnerability from nvd – Published: 2026-05-12 17:33 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Escalation of Privilege
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20767",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:43.491Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of Privilege",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T17:33:02.281Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20767",
        "datePublished": "2026-05-12T17:33:02.281Z",
        "dateReserved": "2025-12-04T04:00:32.808Z",
        "dateUpdated": "2026-05-13T03:58:43.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20714 (GCVE-0-2026-20714)

    Vulnerability from nvd – Published: 2026-05-12 17:31 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Escalation of Privilege
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20714",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:41.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of Privilege",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T17:31:55.276Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20714",
        "datePublished": "2026-05-12T17:31:55.276Z",
        "dateReserved": "2025-12-04T04:00:32.877Z",
        "dateUpdated": "2026-05-13T03:58:41.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20914 (GCVE-0-2026-20914)

    Vulnerability from nvd – Published: 2026-05-12 16:35 – Updated: 2026-05-12 17:07
    VLAI
    Summary
    Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 2.6.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:00:05.590214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:07:03.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 2.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:35:01.200Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20914",
        "datePublished": "2026-05-12T16:35:01.200Z",
        "dateReserved": "2025-12-04T04:00:32.755Z",
        "dateUpdated": "2026-05-12T17:07:03.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20905 (GCVE-0-2026-20905)

    Vulnerability from nvd – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:07
    VLAI
    Summary
    Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 2.6
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20905",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:00:17.369467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:07:11.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 2.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:58.654Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20905",
        "datePublished": "2026-05-12T16:34:58.654Z",
        "dateReserved": "2025-12-04T04:00:32.867Z",
        "dateUpdated": "2026-05-12T17:07:11.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20881 (GCVE-0-2026-20881)

    Vulnerability from nvd – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:17
    VLAI
    Summary
    Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-369 - Divide By Zero
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20881",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:11:53.010628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:17:23.966Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-369",
                  "description": "Divide By Zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:54.155Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20881",
        "datePublished": "2026-05-12T16:34:54.155Z",
        "dateReserved": "2025-12-04T04:00:32.822Z",
        "dateUpdated": "2026-05-12T17:17:23.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20793 (GCVE-0-2026-20793)

    Vulnerability from nvd – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:17
    VLAI
    Summary
    Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-252 - Unchecked Return Value
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:15:04.880732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:17:53.718Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-252",
                  "description": "Unchecked Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:47.313Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20793",
        "datePublished": "2026-05-12T16:34:47.313Z",
        "dateReserved": "2025-12-09T04:00:18.763Z",
        "dateUpdated": "2026-05-12T17:17:53.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20782 (GCVE-0-2026-20782)

    Vulnerability from nvd – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:18
    VLAI
    Summary
    Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20782",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:15:13.504191Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:18:02.848Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:44.738Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20782",
        "datePublished": "2026-05-12T16:34:44.738Z",
        "dateReserved": "2025-12-04T04:00:32.846Z",
        "dateUpdated": "2026-05-12T17:18:02.848Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20771 (GCVE-0-2026-20771)

    Vulnerability from nvd – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:18
    VLAI
    Summary
    Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20771",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:15:54.802696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:18:23.761Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:40.333Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20771",
        "datePublished": "2026-05-12T16:34:40.333Z",
        "dateReserved": "2025-12-04T04:00:32.831Z",
        "dateUpdated": "2026-05-12T17:18:23.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20717 (GCVE-0-2026-20717)

    Vulnerability from nvd – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:04
    VLAI
    Summary
    Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20717",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:02:29.098032Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:04:15.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:23.835Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20717",
        "datePublished": "2026-05-12T16:34:23.835Z",
        "dateReserved": "2025-12-09T04:00:18.741Z",
        "dateUpdated": "2026-05-12T17:04:15.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32739 (GCVE-0-2025-32739)

    Vulnerability from nvd – Published: 2026-02-10 16:25 – Updated: 2026-02-10 17:31
    VLAI
    Summary
    Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) Graphics Drivers and Intel LTS kernels Affected: See references
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T17:31:46.920447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T17:31:52.116Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) Graphics Drivers and Intel LTS kernels",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "See references"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-754",
                  "description": "Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T16:25:55.444Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01385.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01385.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2025-32739",
        "datePublished": "2026-02-10T16:25:55.444Z",
        "dateReserved": "2025-04-15T21:11:09.799Z",
        "dateUpdated": "2026-02-10T17:31:52.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32092 (GCVE-0-2025-32092)

    Vulnerability from nvd – Published: 2026-02-10 16:25 – Updated: 2026-02-26 15:04
    VLAI
    Summary
    Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Escalation of Privilege
    • CWE-277 - Insecure Inherited Permissions
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) Graphics Software Affected: before version 25.30.1702.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32092",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T04:56:27.514033Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:09.346Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) Graphics Software",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 25.30.1702.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of Privilege",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-277",
                  "description": "Insecure Inherited Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T16:25:46.732Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01385.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01385.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2025-32092",
        "datePublished": "2026-02-10T16:25:46.732Z",
        "dateReserved": "2025-04-15T21:18:44.523Z",
        "dateUpdated": "2026-02-26T15:04:09.346Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14625 (GCVE-0-2025-14625)

    Vulnerability from nvd – Published: 2026-01-06 21:42 – Updated: 2026-01-28 22:28
    VLAI
    Title
    Quartus® Prime Standard and Quartus® Prime Lite Security Advisory
    Summary
    Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Standard Affected: 19.1 , ≤ 24.1 (custom)
    Create a notification for this product.
    Altera Quartus Prime Lite Affected: 19.1 , ≤ 24.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14625",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T21:49:26.029382Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T21:49:33.995Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Nios II Command Shell"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Standard",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.1",
                  "status": "affected",
                  "version": "19.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Nios II Command Shell"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Lite",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.1",
                  "status": "affected",
                  "version": "19.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_standard:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "24.1",
                      "versionStartIncluding": "19.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_lite:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "24.1",
                      "versionStartIncluding": "19.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.\u003cp\u003eThis issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T22:28:10.748Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0005"
            },
            {
              "url": "https://community.altera.com/kb/knowledge-base/how-to-mitigate-the-security-vulnerability-in-the-nios%C2%AE-ii-command-shell-utility/350185"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Quartus\u00ae Prime Standard and Quartus\u00ae Prime Lite Security Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-14625",
        "datePublished": "2026-01-06T21:42:28.480Z",
        "dateReserved": "2025-12-12T21:06:52.874Z",
        "dateUpdated": "2026-01-28T22:28:10.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14614 (GCVE-0-2025-14614)

    Vulnerability from nvd – Published: 2026-01-06 21:38 – Updated: 2026-01-06 21:49
    VLAI
    Title
    Quartus® Prime Standard and Quartus® Prime Lite Security Advisory
    Summary
    Insecure Temporary File vulnerability in Altera Quartus Prime Standard  Installer (SFX) on Windows, Altera Quartus Prime Lite  Installer (SFX) on Windows allows Explore for Predictable Temporary File Names.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-377 - Insecure Temporary File
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Standard Affected: 23.1 , ≤ 24.1 (custom)
    Create a notification for this product.
    Altera Quartus Prime Lite Affected: 23.1 , ≤ 24.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14614",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T21:48:49.532347Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T21:49:00.340Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Installer"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Standard",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.1",
                  "status": "affected",
                  "version": "23.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Installer"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Lite",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.1",
                  "status": "affected",
                  "version": "23.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_standard:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "24.1",
                      "versionStartIncluding": "23.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_lite:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "24.1",
                      "versionStartIncluding": "23.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insecure Temporary File vulnerability in Altera Quartus Prime Standard\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstaller (SFX)\u003c/span\u003e\n\n on Windows, Altera Quartus Prime Lite\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstaller (SFX)\u003c/span\u003e\n\n on Windows allows Explore for Predictable Temporary File Names.\u003cp\u003eThis issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.\u003c/p\u003e"
                }
              ],
              "value": "Insecure Temporary File vulnerability in Altera Quartus Prime Standard\u00a0\n\nInstaller (SFX)\n\n on Windows, Altera Quartus Prime Lite\u00a0\n\nInstaller (SFX)\n\n on Windows allows Explore for Predictable Temporary File Names.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-149",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-149 Explore for Predictable Temporary File Names"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-377",
                  "description": "CWE-377: Insecure Temporary File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T21:38:05.375Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0005"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Quartus\u00ae Prime Standard and Quartus\u00ae Prime Lite Security Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-14614",
        "datePublished": "2026-01-06T21:38:05.375Z",
        "dateReserved": "2025-12-12T20:46:03.303Z",
        "dateUpdated": "2026-01-06T21:49:00.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14612 (GCVE-0-2025-14612)

    Vulnerability from nvd – Published: 2026-01-06 21:24 – Updated: 2026-01-07 16:56
    VLAI
    Title
    Quartus Prime Pro Edition Advisory
    Summary
    Insecure Temporary File vulnerability in Altera Quartus Prime Pro  Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-377 - Insecure Temporary File
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 24.1 , ≤ 25.1.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14612",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-07T16:56:03.412462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T16:56:08.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Installer"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "25.1.1",
                  "status": "affected",
                  "version": "24.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "25.1.1",
                      "versionStartIncluding": "24.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insecure Temporary File vulnerability in Altera Quartus Prime Pro\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstaller (SFX)\u003c/span\u003e\n\n on Windows allows : Use of Predictable File Names.\u003cp\u003eThis issue affects Quartus Prime Pro: from 24.1 through 25.1.1.\u003c/p\u003e"
                }
              ],
              "value": "Insecure Temporary File vulnerability in Altera Quartus Prime Pro\u00a0\n\nInstaller (SFX)\n\n on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-149",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-149 Explore for Predictable Temporary File Names"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-377",
                  "description": "CWE-377: Insecure Temporary File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T21:38:58.670Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Quartus Prime Pro Edition Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-14612",
        "datePublished": "2026-01-06T21:24:33.025Z",
        "dateReserved": "2025-12-12T20:34:39.402Z",
        "dateUpdated": "2026-01-07T16:56:08.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14605 (GCVE-0-2025-14605)

    Vulnerability from nvd – Published: 2026-01-06 21:15 – Updated: 2026-01-07 16:55
    VLAI
    Title
    Quartus Prime Pro Edition Advisory
    Summary
    Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Pro Affected: 17.0 , ≤ 25.1.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14605",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-07T16:55:19.083370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T16:55:28.143Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "System Console"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Pro",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "25.1.1",
                  "status": "affected",
                  "version": "17.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_pro:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "25.1.1",
                      "versionStartIncluding": "17.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.\u003cp\u003eThis issue affects Quartus Prime Pro: from 17.0 through 25.1.1.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T21:17:02.552Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Quartus Prime Pro Edition Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-14605",
        "datePublished": "2026-01-06T21:15:56.664Z",
        "dateReserved": "2025-12-12T19:11:15.340Z",
        "dateUpdated": "2026-01-07T16:55:28.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14599 (GCVE-0-2025-14599)

    Vulnerability from nvd – Published: 2026-01-06 21:30 – Updated: 2026-01-06 21:47
    VLAI
    Title
    Quartus® Prime Standard and Quartus® Prime Lite Security Advisory
    Summary
    Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite  Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Altera Quartus Prime Standard Affected: 23.1 , ≤ 24.1 (custom)
    Create a notification for this product.
    Altera Quartus Prime Lite Affected: 23.1 , ≤ 24.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14599",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T21:46:59.180090Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T21:47:08.534Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Installer"
              ],
              "platforms": [
                "Windows"
              ],
              "product": "Quartus Prime Standard",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.1",
                  "status": "affected",
                  "version": "23.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Installer"
              ],
              "product": "Quartus Prime Lite",
              "vendor": "Altera",
              "versions": [
                {
                  "lessThanOrEqual": "24.1",
                  "status": "affected",
                  "version": "23.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_standard:*:*:windows:*:*:*:*:*",
                      "versionEndIncluding": "24.1",
                      "versionStartIncluding": "23.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:altera:quartus_prime_lite:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "24.1",
                      "versionStartIncluding": "23.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstaller (SFX)\u003c/span\u003e\n\non Windows, Altera Quartus Prime Lite\u0026nbsp;\n\nInstaller (SFX)\n\n on Windows allows Search Order Hijacking.\u003cp\u003eThis issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.\u003c/p\u003e"
                }
              ],
              "value": "Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard \n\nInstaller (SFX)\n\non Windows, Altera Quartus Prime Lite\u00a0\n\nInstaller (SFX)\n\n on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-06T21:30:14.128Z",
            "orgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
            "shortName": "Altera"
          },
          "references": [
            {
              "url": "https://www.altera.com/security/security-advisory/asa-0005"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Quartus\u00ae Prime Standard and Quartus\u00ae Prime Lite Security Advisory",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "04c0172e-9735-4a9d-a92a-fe01fa863447",
        "assignerShortName": "Altera",
        "cveId": "CVE-2025-14599",
        "datePublished": "2026-01-06T21:30:14.128Z",
        "dateReserved": "2025-12-12T18:24:32.099Z",
        "dateUpdated": "2026-01-06T21:47:08.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20767 (GCVE-0-2026-20767)

    Vulnerability from cvelistv5 – Published: 2026-05-12 17:33 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Escalation of Privilege
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20767",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:43.491Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of Privilege",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T17:33:02.281Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20767",
        "datePublished": "2026-05-12T17:33:02.281Z",
        "dateReserved": "2025-12-04T04:00:32.808Z",
        "dateUpdated": "2026-05-13T03:58:43.491Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20714 (GCVE-0-2026-20714)

    Vulnerability from cvelistv5 – Published: 2026-05-12 17:31 – Updated: 2026-05-13 03:58
    VLAI
    Summary
    Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Escalation of Privilege
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20714",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:41.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of Privilege",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T17:31:55.276Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20714",
        "datePublished": "2026-05-12T17:31:55.276Z",
        "dateReserved": "2025-12-04T04:00:32.877Z",
        "dateUpdated": "2026-05-13T03:58:41.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20914 (GCVE-0-2026-20914)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:35 – Updated: 2026-05-12 17:07
    VLAI
    Summary
    Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 2.6.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20914",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:00:05.590214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:07:03.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 2.6.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:35:01.200Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20914",
        "datePublished": "2026-05-12T16:35:01.200Z",
        "dateReserved": "2025-12-04T04:00:32.755Z",
        "dateUpdated": "2026-05-12T17:07:03.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20905 (GCVE-0-2026-20905)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:07
    VLAI
    Summary
    Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 2.6
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20905",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:00:17.369467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:07:11.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 2.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:58.654Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20905",
        "datePublished": "2026-05-12T16:34:58.654Z",
        "dateReserved": "2025-12-04T04:00:32.867Z",
        "dateUpdated": "2026-05-12T17:07:11.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20881 (GCVE-0-2026-20881)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:17
    VLAI
    Summary
    Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-369 - Divide By Zero
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20881",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:11:53.010628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:17:23.966Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-369",
                  "description": "Divide By Zero",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:54.155Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20881",
        "datePublished": "2026-05-12T16:34:54.155Z",
        "dateReserved": "2025-12-04T04:00:32.822Z",
        "dateUpdated": "2026-05-12T17:17:23.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20793 (GCVE-0-2026-20793)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:17
    VLAI
    Summary
    Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-252 - Unchecked Return Value
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:15:04.880732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:17:53.718Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-252",
                  "description": "Unchecked Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:47.313Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20793",
        "datePublished": "2026-05-12T16:34:47.313Z",
        "dateReserved": "2025-12-09T04:00:18.763Z",
        "dateUpdated": "2026-05-12T17:17:53.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20782 (GCVE-0-2026-20782)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:18
    VLAI
    Summary
    Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20782",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:15:13.504191Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:18:02.848Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:44.738Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20782",
        "datePublished": "2026-05-12T16:34:44.738Z",
        "dateReserved": "2025-12-04T04:00:32.846Z",
        "dateUpdated": "2026-05-12T17:18:02.848Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20771 (GCVE-0-2026-20771)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:18
    VLAI
    Summary
    Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20771",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:15:54.802696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:18:23.761Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:40.333Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20771",
        "datePublished": "2026-05-12T16:34:40.333Z",
        "dateReserved": "2025-12-04T04:00:32.831Z",
        "dateUpdated": "2026-05-12T17:18:23.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20717 (GCVE-0-2026-20717)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:34 – Updated: 2026-05-12 17:04
    VLAI
    Summary
    Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) QAT software drivers for Windows Affected: before version 1.13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20717",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T17:02:29.098032Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T17:04:15.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) QAT software drivers for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 1.13"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T16:34:23.835Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01387.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2026-20717",
        "datePublished": "2026-05-12T16:34:23.835Z",
        "dateReserved": "2025-12-09T04:00:18.741Z",
        "dateUpdated": "2026-05-12T17:04:15.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32739 (GCVE-0-2025-32739)

    Vulnerability from cvelistv5 – Published: 2026-02-10 16:25 – Updated: 2026-02-10 17:31
    VLAI
    Summary
    Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Denial of Service
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) Graphics Drivers and Intel LTS kernels Affected: See references
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-10T17:31:46.920447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-10T17:31:52.116Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) Graphics Drivers and Intel LTS kernels",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "See references"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-754",
                  "description": "Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T16:25:55.444Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01385.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01385.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2025-32739",
        "datePublished": "2026-02-10T16:25:55.444Z",
        "dateReserved": "2025-04-15T21:11:09.799Z",
        "dateUpdated": "2026-02-10T17:31:52.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32092 (GCVE-0-2025-32092)

    Vulnerability from cvelistv5 – Published: 2026-02-10 16:25 – Updated: 2026-02-26 15:04
    VLAI
    Summary
    Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Escalation of Privilege
    • CWE-277 - Insecure Inherited Permissions
    Assigner
    Impacted products
    Vendor Product Version
    n/a Intel(R) Graphics Software Affected: before version 25.30.1702.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32092",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T04:56:27.514033Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:09.346Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Intel(R) Graphics Software",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before version 25.30.1702.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Escalation of Privilege",
                  "lang": "en"
                },
                {
                  "cweId": "CWE-277",
                  "description": "Insecure Inherited Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T16:25:46.732Z",
            "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            "shortName": "intel"
          },
          "references": [
            {
              "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01385.html",
              "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01385.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "assignerShortName": "intel",
        "cveId": "CVE-2025-32092",
        "datePublished": "2026-02-10T16:25:46.732Z",
        "dateReserved": "2025-04-15T21:18:44.523Z",
        "dateUpdated": "2026-02-26T15:04:09.346Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }