CVE-2025-20090
📋 TL;DR
This CVE describes an untrusted pointer dereference vulnerability in Intel QuickAssist Technology software that could allow an authenticated user with local access to cause a denial of service. The vulnerability affects systems running Intel QAT software versions before 2.5.0. Attackers would need authenticated local access to exploit this issue.
💻 Affected Systems
- Intel QuickAssist Technology (QAT) software
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash or service disruption of Intel QAT functionality, potentially affecting dependent applications and services.
Likely Case
Local denial of service affecting Intel QAT acceleration services, causing performance degradation for cryptographic operations and compression tasks.
If Mitigated
Minimal impact with proper access controls limiting local user privileges and network segmentation.
🎯 Exploit Status
Exploitation requires authenticated local access and knowledge of the vulnerability. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.5.0 or later
Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01301.html
Restart Required: No
Instructions:
1. Download Intel QAT software version 2.5.0 or later from Intel's website.
2. Follow Intel's installation guide for your operating system.
3. Verify the update completed successfully.
🔧 Temporary Workarounds
Restrict Local User Access
Limit local user privileges and access to systems running Intel QAT software to reduce attack surface.
Disable QAT if Not Required
Temporarily disable Intel QAT acceleration if it is not critical for operations until patching can be completed.
sudo systemctl stop qat_service
sudo modprobe -r qat_driver
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges on affected systems.
- Monitor systems for unusual process behavior or service disruptions related to Intel QAT.
🔍 How to Verify
Check if Vulnerable:
Check Intel QAT software version using 'qat_service -v' or similar command, or check installed packages for versions before 2.5.0.
Check Version:
qat_service -v # Linux, or check installed package version
Verify Fix Applied:
Verify Intel QAT software version is 2.5.0 or later using version check commands and ensure services are running normally.
📡 Detection & Monitoring
Log Indicators:
- Unexpected QAT service crashes or restarts
- Access denied errors from unauthorized users attempting QAT operations
- System logs showing pointer-related errors in QAT modules
Network Indicators:
- None - this is a local access vulnerability
SIEM Query:
source="system_logs" AND ("qat" OR "QuickAssist") AND ("crash" OR "segfault" OR "denial")
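As an added example (not from the advisory or from Intel), the version check from "How to Verify" and the SIEM query above, written as a small Python script: the log lines are constructed samples, and the version strings are assumed inputs rather than real qat_service output.

```python
import re
from typing import List, Tuple

# Term groups mirroring the SIEM query on this page:
# ("qat" OR "QuickAssist") AND ("crash" OR "segfault" OR "denial"), case-insensitive.
QAT_TERMS = ("qat", "quickassist")
FAULT_TERMS = ("crash", "segfault", "denial")

# First fixed release according to the advisory.
FIXED_VERSION = (2, 5, 0)

# Constructed sample syslog lines (not real captures). Lines 1 and 2 should
# match; line 3 has no QAT term and line 4 has no fault term.
SAMPLE_LOGS = [
    "Mar 3 08:14:02 host1 systemd[1]: qat_service.service: Main process exited, code=crashed",
    "Mar 3 08:14:05 host1 kernel: qat: segfault in QuickAssist request handler, pid 4211",
    "Mar 3 08:15:00 host1 sshd[900]: Accepted publickey for ops from 10.0.0.5",
    "Mar 3 08:16:10 host1 kernel: QuickAssist device 0000:3d:00.0 reset",
]


def qat_fault_lines(lines: List[str]) -> List[str]:
    """Return the log lines matching both the QAT group and the fault group."""
    hits = []
    for line in lines:
        low = line.lower()
        if any(t in low for t in QAT_TERMS) and any(t in low for t in FAULT_TERMS):
            hits.append(line)
    return hits


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract the first dotted version in text, e.g. 'QAT 2.4.1' -> (2, 4, 1)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())  # missing patch level counts as 0


def is_vulnerable(version_text: str) -> bool:
    """True when the reported version is older than the first fixed release.

    Compare as integer tuples, not strings: '2.10' sorts before '2.5' as text."""
    return parse_version(version_text) < FIXED_VERSION


if __name__ == "__main__":
    for line in qat_fault_lines(SAMPLE_LOGS):
        print("QAT fault indicator:", line)
    print("vulnerable:", is_vulnerable("Intel QAT 2.4.1"))
```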