Description
Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.
Published: 2026-05-12
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow in the UEFI firmware component known as the Slim Bootloader allows a local attacker with privileged system access to craft input that triggers the overflow. This flaw can lead to privilege escalation and code execution, granting the attacker complete control and compromising the confidentiality, integrity, and availability of the affected system. The vulnerability is classified as CWE‑190 (integer overflow or wraparound).

Affected Systems

The flaw affects systems that use Intel’s Slim Bootloader firmware. No specific firmware version numbers are disclosed in the current data, so any host running the Slim Bootloader should be considered potentially vulnerable. The hardware vendor is Intel, and the affected component is the UEFI firmware that initializes the boot process.

Risk and Exploitability

The CVSS score of 8.7 marks this as a high‑severity vulnerability. Exploitation requires local system access and a privileged user account, but the attack complexity is low and no user interaction is needed. Although the EPSS score is not available, the lack of any listing in the CISA KEV catalog suggests that widespread exploitation is not yet documented. Nonetheless, the potential for complete system takeover makes this a critical risk for any impacted infrastructure.

Generated by OpenCVE AI on May 12, 2026 at 17:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Intel firmware update that addresses the integer overflow in Slim Bootloader as released in the Intel Security Advisory SG‑01425.
  • Restrict privileged local accounts and enforce strict access controls to limit trusted users who can interact with the firmware during boot.
  • Enable Intel Secure Boot or similar BIOS‑level integrity checks to prevent unintended exploitation of the firmware component.
  • If the Slim Bootloader feature is not essential, consider disabling it, or schedule periodic firmware integrity checks to detect tampering.

Advisories

No advisories yet.

History

Wed, 13 May 2026 05:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 May 2026 17:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: Integer Overflow in UEFI Slim Bootloader Allowing Privilege Escalation

Type: First Time appeared
Values Removed: (none)
Values Added: Intel; Intel slim Bootloader

Type: Vendors & Products
Values Removed: (none)
Values Added: Intel; Intel slim Bootloader

Tue, 12 May 2026 16:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-190

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics
Values Removed: (none)
Values Added: cvssV4_0
{'score': 8.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


Subscriptions

Intel Slim Bootloader
MITRE

Status: PUBLISHED

Assigner: intel

Published:

Updated: 2026-05-13T03:57:58.619Z

Reserved: 2025-12-04T04:00:32.894Z

Link: CVE-2026-20753

Vulnrichment

Updated: 2026-05-12T17:07:31.979Z

NVD

Status : Received

Published: 2026-05-12T17:16:17.523

Modified: 2026-05-12T17:16:17.523

Link: CVE-2026-20753

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T17:30:21Z

Weaknesses