CVE-2025-32446

6.5 MEDIUM

📋 TL;DR

An untrusted pointer dereference vulnerability in Intel QuickAssist Technology software before version 2.6.0 allows authenticated local users to escalate privileges and manipulate data. This affects systems running vulnerable Intel QAT software where an attacker has local access with user-level credentials. The vulnerability has high integrity impact but no confidentiality or availability impact.

💻 Affected Systems

Products:
  • Intel QuickAssist Technology (QAT) software
Versions: All versions before 2.6.0
Operating Systems: Linux, Windows, Other OS supporting Intel QAT
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with Intel QAT software installed and enabled. Requires local access and authenticated user credentials.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Authenticated attacker gains elevated privileges, potentially compromising system integrity through data manipulation or unauthorized access to restricted resources.

🟠 Likely Case: Local authenticated user exploits the vulnerability to escalate privileges within the Ring 3 user application context, enabling unauthorized data modification.

🟢 If Mitigated: With proper access controls and patching, the vulnerability is contained, preventing privilege escalation and maintaining system integrity.

🌐 Internet-Facing: LOW - Requires local access and authenticated user credentials, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Internal users with local access and authentication could exploit this for privilege escalation, but requires specific conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Attack requires authenticated local access and is described as low complexity. No public exploit code is currently known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.0 or later

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01373.html

Restart Required: Yes

Instructions:

1. Download Intel QAT software version 2.6.0 or later from Intel's website.
2. Stop QAT services.
3. Install the updated software package.
4. Restart the system to apply changes.

🔧 Temporary Workarounds

Disable Intel QAT if not needed

Platform: Linux

Temporarily disable Intel QuickAssist Technology to mitigate the vulnerability until patching is possible. Confirm the loaded QAT module name with lsmod before unloading it; workloads that offload crypto or compression to QAT lose that acceleration while it is disabled.

sudo systemctl stop qat_service
sudo modprobe -r qat_driver

🧯 If You Can't Patch

  • Restrict local access to systems with vulnerable QAT software to trusted users only.
  • Implement strict privilege separation and monitor for unusual privilege escalation attempts.

🔍 How to Verify

Check if Vulnerable:

Check Intel QAT software version using 'qat_service --version' or examine installed packages for versions before 2.6.0.

Check Version:

qat_service --version

Verify Fix Applied:

Verify the installed Intel QAT version is 2.6.0 or later and check that QAT services are running normally.
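The version check above, as an added shell example that is not from the advisory or Intel's own tooling: it extracts a dotted version from whatever line your version command prints (the page's qat_service --version, or a package-manager query) and compares it field by field against the fixed release 2.6.0, so that 2.10.0 is correctly treated as later than 2.6.0. The sample version line is constructed.

```shell
#!/bin/sh
# Added example, not Intel's tooling: classify an installed Intel QAT software
# version against the fixed release for CVE-2025-32446 (2.6.0 or later is fixed).
FIXED_VERSION="2.6.0"

# Pull the first dotted numeric version out of an arbitrary line of text,
# e.g. "Intel QAT software version 2.5.0" -> "2.5.0". Prints nothing if absent.
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Compare two dotted versions numerically, field by field, so that 2.10.0 > 2.6.0
# and 2.6 == 2.6.0. Prints -1, 0 or 1 for a < b, a == b, a > b.
version_cmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}                        # leading field of each
        case "$a" in *.*) a=${a#*.};; *) a="";; esac    # consume that field
        case "$b" in *.*) b=${b#*.};; *) b="";; esac
        fa=${fa:-0}; fb=${fb:-0}                        # missing trailing field == 0
        if [ "$fa" -lt "$fb" ]; then printf '%s\n' -1; return; fi
        if [ "$fa" -gt "$fb" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# Exit 0 if the version in the given line is before 2.6.0 (vulnerable),
# 1 if it is 2.6.0 or later, 2 if no version could be parsed.
qat_is_vulnerable() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then return 2; fi
    [ "$(version_cmp "$v" "$FIXED_VERSION")" -lt 0 ]
}

# Constructed sample line; on a real host use the output of the version
# command instead, e.g. ver_line=$(qat_service --version 2>/dev/null).
ver_line="Intel QAT software version 2.5.0"
rc=0; qat_is_vulnerable "$ver_line" || rc=$?
case $rc in
    0) echo "VULNERABLE: $(extract_version "$ver_line") is before $FIXED_VERSION" ;;
    1) echo "OK: $(extract_version "$ver_line") is $FIXED_VERSION or later" ;;
    *) echo "Could not parse a version from: $ver_line" ;;
esac
```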

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Failed authentication attempts followed by successful privilege changes
  • QAT service crashes or unusual behavior

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="system_logs" AND (event_type="privilege_escalation" OR process_name="qat_service")
