Vulnerability in Intel(r) Reference Platforms May Allow An Escalation Of Privilege. System Software Adversary With A Privileged User Combined High Complexity Attack Enable This Result Potentially Occur Via Local Access When Requirements Are Present Without Special Internal Knowledge And Requires No Interaction. The Potential Vulnerability Impact Confidentiality (High), Integrity (High) Availability Vulnerable System, Resulting In Subsequent (None), (None) Impacts.

CVE-2025-20028

Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may ena…

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

EPSS: 0.000 (3.4th percentile) — read the EPSS interpretation.

Affected products

N/a Intel(r) Reference Platforms May Allow An Escalation Of Privilege. System Software Adversary With A Privileged User Combined High Complexity Attack Enable This Result Potentially Occur Via Local Access When Requirements Are Present Without Special Internal Knowledge And Requires No Interaction. The Potential Vulnerability Impact Confidentiality (High), Integrity (High) Availability Vulnerable System, Resulting In Subsequent (None), (None) Impacts. — versions See references

Weakness classification (CWE)

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html