CVE-2025-26405
📋 TL;DR
This vulnerability in Intel NPU drivers allows unprivileged user applications to cause a denial of service through improper control of dynamically-managed code resources. Attackers with authenticated access can exploit this via local access with low complexity, potentially crashing the NPU driver and affecting system availability. Systems using affected Intel NPU drivers are vulnerable.
💻 Affected Systems
- Intel NPU Drivers
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service for NPU functionality, potentially affecting dependent applications and services that rely on NPU acceleration.
Likely Case
Local authenticated user causes NPU driver crash, disrupting NPU-dependent applications until system restart.
If Mitigated
Minimal impact with proper access controls and patching; only authorized users can interact with NPU resources.
🎯 Exploit Status
Requires authenticated user access and local execution. Passive user interaction needed but attack complexity is low.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Intel SA-01304 for specific patched driver versions
Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01304.html
Restart Required: Yes
Instructions:
1. Visit Intel Security Advisory SA-01304. 2. Download latest NPU driver for your OS. 3. Install updated driver. 4. Restart system.
🔧 Temporary Workarounds
Restrict NPU Driver Access
allLimit user permissions to NPU driver interfaces to prevent unprivileged exploitation
# Linux: chmod 750 /dev/intel_npu*
# Windows: Use Group Policy to restrict device access
🧯 If You Can't Patch
- Implement strict access controls to limit which users can execute applications that interface with NPU drivers.
- Monitor system logs for unusual NPU driver crashes or denial of service attempts.
🔍 How to Verify
Check if Vulnerable:
Check Intel NPU driver version against affected versions listed in Intel SA-01304 advisory.Check Version:
# Windows: driverquery | findstr npu
# Linux: modinfo intel_npu | grep versionVerify Fix Applied:
Verify installed NPU driver version matches or exceeds patched version from Intel advisory.📡 Detection & Monitoring
Log Indicators:
- NPU driver crash events in system logs
- Unexpected termination of NPU-related processes
- Access denied errors for NPU device files from unauthorized users
Network Indicators:
- None - local exploitation only
SIEM Query:
EventID=1000 OR EventID=1001 Source='Intel NPU Driver' OR ProcessName='npudrv*'