CVE-2025-35998
CVE-2025-35998
In short
Intel Quick Assist Technology is missing security protections on an alternate hardware interface, allowing a privileged attacker to escalate their access within the system kernel. This could let them gain control over sensitive data and system functions.
Technical detail
CWE-1299 missing protection mechanism on alternate hardware interface in Intel QAT allows privilege escalation via Ring 0 kernel access. Attack requires privileged user status with low complexity and special internal knowledge; local access vector impacts confidentiality and integrity with high severity (CVSS 7.0).
Summary generated and translated by AI from the official description.
Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected products
n/a · Intel(R) PlatformsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →