Description
Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Published: 2026-05-12
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write occurs in Intel QAT Windows drivers before version 1.13 while executing in user mode (Ring 3). A local, authenticated attacker can corrupt driver memory and gain elevated privileges, potentially compromising the confidentiality, integrity, and availability of the affected system.

Affected Systems

Intel QAT software drivers for Windows up to but not including version 1.13. Devices running any of these driver versions without the later update remain vulnerable.

Risk and Exploitability

The CVSS score of 8.5 signals high severity. Exploitation requires local access as an authenticated user, is of low complexity, and needs no user interaction. No EPSS score is available and the vulnerability is not listed in CISA KEV, but the combination of high impact and a low-complexity local attack makes the risk substantial for unpatched systems.

Generated by OpenCVE AI on May 12, 2026 at 20:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Intel QAT driver to version 1.13 or later to eliminate the out‑of‑bounds write.
  • If an update cannot be applied immediately, restrict access to the driver files and services to privileged users only.
  • Enable detailed audit logging for driver operations and monitor for anomalous activity indicative of privilege escalation.

Advisories

No advisories yet.

History

Tue, 12 May 2026 22:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 May 2026 21:00:00 +0000

Type | Values Removed | Values Added
Title | | Out‑Of‑Bounds Write in Intel QAT Windows Drivers Allows Local Privilege Escalation

Tue, 12 May 2026 18:15:00 +0000

Type | Values Removed | Values Added
Description | | Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Weaknesses | | CWE-787
References | |
Metrics | | cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: intel

Published:

Updated: 2026-05-13T03:58:41.980Z

Reserved: 2025-12-04T04:00:32.877Z

Link: CVE-2026-20714

Vulnrichment

Updated: 2026-05-12T21:13:09.232Z

NVD

Status: Received

Published: 2026-05-12T18:16:36.900

Modified: 2026-05-12T18:16:36.900

Link: CVE-2026-20714

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T20:45:23Z
