The latest security information on Intel® products.

Summary: 

Potential security vulnerabilities in some Intel® Graphics software may allow escalation of privilege, denial of service or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details: 

CVEID:  CVE-2025-20101

Description: Out-of-bounds read for some Intel® Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

CVSS Base Score 3.1: 8.4 High

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

CVSS Base Score 4.0: 6.9 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2025-20018

Description: Untrusted pointer dereference for some Intel® Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 8.4 High

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CVSS Base Score 4.0: 6.9 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2025-20003

Description: Improper link resolution before file access ('Link Following') for some Intel® Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 8.2 High

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS Base Score 4.0: 7.3 High

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2025-20052

Description: Improper access control for some Intel® Graphics software may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score 3.1: 7.3 High

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

CVSS Base Score 4.0: 6.9 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2025-21099

Description: Uncontrolled search path for some Intel® Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 6.7 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS Base Score 4.0: 5.4 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2025-20041

Description: Uncontrolled search path for some Intel® Graphics software for Intel® Arc™ graphics and Intel® Iris® Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 6.7 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS Base Score 4.0: 5.4 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2025-20071

Description: NULL pointer dereference for some Intel® Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score 3.1: 6.5 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS Base Score 4.0: 6.8 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2025-20031

Description: Improper input validation for some Intel® Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score 3.1: 6.5 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS Base Score 4.0: 6.8 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

Intel® Graphics Drivers for:

• Intel® Arc™ graphics before version 32.0.101.6449/32.0.101.6256.
• Intel® Arc™ Pro graphics before version 32.0.101.6303.
• Intel® Data Center GPU Flex Series before version 32.0.101.6314.
• Intel® Iris® Xe graphics before version 32.0.101.6449/32.0.101.6256.
• 7th-10th Gen Intel® Core™ processor family before version 31.0.101.2134.
• Intel Atom®, Pentium®, and Celeron® processors before version 31.0.101.2134.

Recommendation:

Intel recommends updating Intel® Graphics Driver for Intel® Arc™ graphics and Intel® Iris® Xe graphics to version 32.0.101.6449/32.0.101.6256 or later.

Updates are available for download at this location:  

https://www.intel.com/content/www/us/en/download/785597

Intel recommends updating Intel® Graphics Driver for Intel® Arc™ Pro graphics to version 32.0.101.6303 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/741626/

Intel recommends updating Intel® Graphics Driver for Intel® Data Center GPU Flex Series to version 32.0.101.6314 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/780185

Intel recommends updating Intel® Graphics Driver for 7th-10th Gen Intel® Core™ processor family and related Intel Atom®, Pentium® and Celeron® processors to version 31.0.101.2134 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/776137

Acknowledgements:

Intel would like to thank Aobo Wang of Chaitin Security Research Lab (CVE-2025-20003), Nicola Stauffer and Daniel Jampen (CVE-2025-20018, CVE-2025-20071), @j00sean (CVE-2025-20041), Alexander Pudwill (CVE-2025-20052) for reporting these issues.

Intel would like to thank Intel employee Artem Shishkin (CVE-2025-20031, CVE-2025-20101) for reporting these issues.  The following issue was also found internally by Intel employees, CVE-2025-21099.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.