CVE-2026-20754 - Vulnerability Details

- Denial of Service via Improper Firmware Condition Check in Intel NPU Drivers

Description

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Published: 2026-05-12

Score: 6.9 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The flaw originates from an improper conditions check in certain firmware components of Intel’s NPU drivers that can be triggered by an unprivileged local process with an authenticated session. An attacker can exploit the issue with low complexity and no special knowledge or user interaction, resulting in a denial of service that disrupts the NPU subsystem. The impact is a high loss of availability, with no confidential information disclosed and only a low risk to integrity.

Affected Systems

This vulnerability affects Intel NPU driver firmware on devices that employ the Intel(R) NPU Drivers. No specific product or firmware versions were disclosed in the advisory, so all installations of the Intel NPU drivers that rely on the identified firmware paths are potentially at risk.

Risk and Exploitability

The CVSS score is 6.9, reflecting a moderate to high severity due to local impact and moderate exploitation complexity. The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, suggesting it is not yet a widely cited exploit. The likely attack vector is local because the attacker must have an authenticated user session on the machine; however, the exploit requires no user interaction, which increases the risk for unattended systems. Overall, the vulnerability represents a moderate risk that can cause service downtime if an attacker gains local access.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Intel(R) NPU Drivers

unaffected

Version	Status	Constraints
`See references`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Intel NPU firmware patch or driver update once available.
Restrict local access to the NPU drivers to privileged accounts only and enforce least‑privilege controls.
If the NPU hardware is not required for operational workloads, disable or physically remove the NPU component.
Monitor system logs and service status for signs of sudden NPU service interruption or unexpected reboots.

Generated by OpenCVE AI on May 12, 2026 at 17:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01424.html

History

Tue, 12 May 2026 17:45:00 +0000

Type	Values Removed	Values Added
Title		Denial of Service via Improper Firmware Condition Check in Intel NPU Drivers

Tue, 12 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Weaknesses		CWE-754
References		https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01424.html
Metrics		cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2026-05-12T16:34:35.815Z

Updated: 2026-05-12T17:07:28.875Z

Reserved: 2025-12-03T17:58:55.215Z

Link: CVE-2026-20754

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-12T17:16:17.763

Modified: 2026-05-12T17:16:17.763

Link: CVE-2026-20754

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T17:30:21Z

Weaknesses

CWE-754

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object