Description
Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Published: 2026-05-12
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unchecked return value in Intel QAT software drivers for Windows prior to version 1.13 can cause a denial of service when user applications interact with the driver from Ring 3. The flaw is a classic unchecked return value vulnerability (CWE-252) that can be exploited by an authenticated local user to disrupt system availability, but offers no threat to confidentiality or integrity.

Affected Systems

Intel QAT Windows drivers version 1.12 and earlier, used on Windows operating systems where the QuickAssist Technology drivers are installed. These drivers run at user‑level and provide accelerated cryptographic services to applications.

Risk and Exploitability

The CVSS score is 4.8, indicating a moderate severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation is known. The attack vector is likely local, requiring an authenticated user and low attack complexity, and does not require user interaction. Because the impact is limited to availability and the attack surface is restricted to legitimate users on the same system, the overall risk level is considered moderate. Vigilant monitoring can help detect attempted exploitation.

Generated by OpenCVE AI on May 12, 2026 at 17:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Intel QAT Windows drivers to version 1.13 or later, which removes the unchecked return value check.
  • If an immediate driver upgrade is not possible, limit the driver’s exposure by enforcing least‑privilege policies for applications that call QAT APIs, preventing untrusted user processes from invoking the driver.
  • Implement monitoring of system logs and driver‑related events to detect abnormal failures or repeated denial‑of‑service patterns, and schedule updates as soon as vendor patches become available.

Generated by OpenCVE AI on May 12, 2026 at 17:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 17:45:00 +0000

Type Values Removed Values Added
Title Unchecked Return Value Leading to Denial of Service in Intel QAT Windows Drivers

Tue, 12 May 2026 16:45:00 +0000

Type Values Removed Values Added
Description Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Weaknesses CWE-252
References
Metrics cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: intel

Published:

Updated: 2026-05-12T17:17:53.718Z

Reserved: 2025-12-09T04:00:18.763Z

Link: CVE-2026-20793

cve-icon Vulnrichment

Updated: 2026-05-12T17:17:47.934Z

cve-icon NVD

Status : Received

Published: 2026-05-12T17:16:18.943

Modified: 2026-05-12T17:16:18.943

Link: CVE-2026-20793

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T17:30:21Z

Weaknesses