Impact
An out‑of‑bounds read in the Intel Data Center Graphics Driver for VMware ESXi before version 2.0.2 allows a local attacker with privileged access to read sensitive memory, potentially exposing confidential data (CWE‑125). The flaw can also trigger a driver crash or hang, resulting in denial‑of‑service of the host and compromising availability. The vulnerability thus poses a high confidentiality risk and a high availability risk, with no direct integrity impact.
Affected Systems
Every release of the Intel Data Center Graphics Driver for VMware ESXi prior to version 2.0.2 is affected. The flaw is in the driver component used by ESXi hosts equipped with Intel GPU hardware.
Risk and Exploitability
Exploitation requires local privileged access, is of low complexity, and needs no user interaction. An attacker who can install or load the vulnerable driver can trigger the out-of-bounds read, causing either a crash (DoS) or the exposure of data from host memory. The CVSS score of 8.3 indicates high severity. No EPSS score is available, so the probability of exploitation cannot be stated precisely, but the local nature of the flaw suggests a moderate chance where privileged adversaries are present. The vulnerability is not listed in CISA's KEV catalog, so there is no indication of active exploitation in the wild at this time.