Zero Day MonitorZDM

← Back to list

9.3

CVE-2026-20794EXPLOITED

intel · Intel(R) Data Center Graphics Driver for VMware ESXi software

CVE-2026-20794: Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1

Description

Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

Affected Products

Vendor	Product	Versions
intel	Intel(R) Data Center Graphics Driver for VMware ESXi software	before version 2.0.2

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
intel	graphics driver	cert_advisory	90%

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01402.html

Related News (3 articles)

Tier D

SecurityWeek3h ago

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities

→ No new info (linked only)

Tier B

BSI Advisories4h ago

[NEU] [hoch] Intel Data Center Graphics Driver für VMware ESXi: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB19h ago

CVE-2026-20794 | VMware Intel Data Center Graphics Driver for VMware ESXi software buffer overflow (intel-sa-01402)

→ No new info (linked only)

CVSS 3.19.3 HIGH

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-120

PublishedMay 12, 2026

Last enriched3h agov4

Trending Score66

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-20879EXP

CVE-2026-20879: Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ri

HIGHCVE-2026-20751EXP

CVE-2026-20751: Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Rin

NONECVE-2025-35969

CVE-2025-35969: Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12. within Ring 3

Multiple Vulnerabilities in Intel Processors Allow Local Privilege Escalation and Information Disclosure

NONECVE-2026-20718

CVE-2026-20718: Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 12, 2026

Discovered by ZDM

May 12, 2026

Updated: affectedVersions

May 12, 2026

Actively Exploited

May 13, 2026

Exploit Available

May 13, 2026

Updated: severity, exploitAvailable, activelyExploited

May 13, 2026

Updated: cvssEstimate

May 13, 2026

Version History

v4

Last enriched 3h ago

v4Tier D3h ago

Updated CVSS score to 9.3 and provided a more detailed description of the vulnerability.

cvssEstimate

via SecurityWeek

v3Tier B3h ago

Updated severity to HIGH and marked exploit availability and active exploitation as true.

severityexploitAvailableactivelyExploited

via BSI Advisories

v2Tier C18h ago

Updated vendor to VMware, changed affected versions to 'up to 2.0.1', and severity to 'CRITICAL'.

affectedVersions

via VulDB

v118h ago

Initial creation