CVE-2025-35998: Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for s...
Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Security readout for executives and security teams
Plain-English summary
This flaw affects Intel Quick Assist Technology on some Intel platforms. A local attacker who already has privileged software access could escalate privileges under specific conditions, potentially compromising confidentiality and integrity of the vulnerable system. The bundle does not identify active exploitation.
Executive priority
Treat as high priority for affected infrastructure, especially shared, security-sensitive, or regulated systems. This is not presented as remotely exploitable or actively exploited, but it can weaken platform trust where privileged local access is possible.
Technical view
The CVE describes missing protection for an alternate hardware interface in Intel QAT within Ring 0/kernel context. CVSS is 7.9 high, local, low complexity, high privileges required, no user interaction, changed scope, with high confidentiality and integrity impact.
Likely exposure
Exposure appears limited to systems using affected Intel platforms with Intel Quick Assist Technology. Exact platform models and versions are not listed in the bundle and must be checked against Intel SA-01406 and applicable Red Hat advisories.
Exploitation context
No KEV listing or provided source states active exploitation. The described attack is local, requires a privileged user, special internal knowledge, and present attack requirements, making broad remote exploitation unsupported by the available evidence.
Researcher notes
Key evidence is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N with CWE-1220 and CWE-1299. The bundle lacks exact affected platform/version details, so validation should remain advisory-driven and avoid assumptions beyond Intel and Red Hat references.
Mitigation direction
Review Intel SA-01406 for affected platform details and vendor remediation.
Apply applicable Intel platform, firmware, or software updates named by the advisory.
For Red Hat systems, review RHSA-2026:6888 and related CVE guidance.
Prioritize hosts where Intel QAT is enabled or operationally exposed.
Track vendor guidance if exact affected versions are unclear.
Validation and detection
Inventory systems with Intel QAT-capable or QAT-enabled Intel platforms.
Compare hardware and software versions against Intel SA-01406.
Check Red Hat package applicability against RHSA-2026:6888 where relevant.
Confirm remediation status through vendor update records or asset management.
Document systems not affected because QAT or listed platforms are absent.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-1220: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
3CVSS vectors
5Timeline events
2ADP providers
6Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: total
CVSS vector scores
3 official scores
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-1220 · source CWE mapping
Insufficient Granularity of Access Control
Insufficient Granularity of Access Control represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Missing Protection Mechanism for Alternate Hardware Interface
Missing Protection Mechanism for Alternate Hardware Interface represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.