CVE-2025-35991

The CVE-2025-35991 entry describes an improper initialization in the UEFI firmware for some Intel platforms (Ring 0: Bare Metal OS) that may allow information disclosure. The issue requires a local attacker with privileged access and high attack complexity, with no user interaction, and could imp...

CVE-2025-35991

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

CVE-2025-35990

CVE-2025-35990 affects Intel Endpoint Management Assistant (EMA) software prior to version 1.14.5. The vulnerability arises from improper input validation in Ring 3 user-space components, enabling an unauthenticated, low-complexity attacker with adjacent access to cause an escalation of privilege...

CVE-2025-35990

Improper input validation for some Intel Endpoint Management Assistant EMA software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation...

CVE-2025-35990

Improper input validation for some Intel Endpoint Management Assistant EMA software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation...

CVE-2025-35979

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some IntelR Processors within VMX non-root guest operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a...

CVE-2025-35979

CVE-2025-35979 describes a vulnerability in certain Intel processors where shared microarchitectural predictor state can influence transient execution, enabling information disclosure in VMX non-root (guest) operation. An unprivileged, authenticated user with high-complexity capabilities and loca...

CVE-2025-35979

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some IntelR Processors within VMX non-root guest operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a...

CVE-2025-35979

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some IntelR Processors within VMX non-root guest operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a...

CVE-2025-35969

Intel Server Firmware Update Utility before 16.0.12 is affected by CVE-2025-35969: an Uncontrolled search path flaw in Ring 3 (user applications) may allow privilege escalation via a local attack by an authenticated user with high complexity and requiring user interaction. The impact spans confid...

CVE-2025-35969

Uncontrolled search path for some IntelR Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of...

CVE-2025-27723

The CVE-2025-27723 entry describes a use-after-free in the Linux kernel driver for Intel Ethernet 800 series, prior to version 2.3.14. The issue affects the Ring 0 kernel path and can allow a denial-of-service condition with high impact to availability. Exploitation requires a local, authenticate...

CVE-2025-27723

Use after free for some Linux kernel driver for the IntelR Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

CVE-2026-20914

The CVE-2026-20914 entry concerns Intel QAT software drivers for Windows prior to version 2.6.0. The vulnerability is a Null Pointer Dereference in Ring 3 (User Applications) that could allow a Denial of Service. Exploitation requires a local authenticated user with low complexity and no user int...

CVE-2026-20914

Null pointer dereference for some IntelR QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

CVE-2026-20905

Improper input validation for some IntelR QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

CVE-2026-20905

CVE-2026-20905 describes improper input validation in some Intel(R) QAT Windows drivers prior to v2.6 running in Ring 3. An unprivileged, authenticated user with local access and low complexity can cause a denial of service, with potential low impact on confidentiality and integrity but high impa...

CVE-2026-20887

Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially...

CVE-2026-20887

Intel Vision software (all Ring 3 versions) is affected by CVE-2026-20887 due to improper access control. An unprivileged, unauthenticated attacker could trigger a low-complexity remote attack over the network to achieve remote code execution, with potential impacts to confidentiality (HIGH), and...

CVE-2026-20887

Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This result may potentially...