Main Vulnerability Database Vulnerabilities #VU109216

#VU109216 Improper locking in Intel Core Ultra processor - CVE-2025-20047

Published: May 15, 2025

Vulnerability identifier: #VU109216

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-20047

CWE-ID: CWE-667

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Intel Core Ultra processor

Software vendor:
Intel

Description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to improper locking in the Intel Integrated Connectivity I/O interface (CNVi) for some Intel Core Ultra Processors. An attacker with physical access to the system can execute arbitrary code with escalated privileges.

Remediation

Install updates from vendor's website.

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01180.html

#VU109216 Improper locking in Intel Core Ultra processor - CVE-2025-20047

Description

Remediation

External links

Please verify you're human