CVE-2025-20103

Advisory lineage Upstream: 0 Downstream: 14

Downstream

ALPINE-CVE-2025-20103 DEBIAN-CVE-2025-20103 DLA-4170-1 DSA-5924-1 MGASA-2025-0160 OPENSUSE-SU-2025:15093-1

Deferred

Published: 13 May 2025, 21:02

Last modified:03 Nov 2025, 19:35

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.09% LOW

0% probability +0.06%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 May 2025, 21:02

Published

Vulnerability first disclosed

03 Nov 2025, 19:35

Last Modified

Vulnerability information updated

Description

Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.

CVSS Metrics

v4.0•MEDIUM•Score: 5.7CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
v4.0•MEDIUM•Score: 5.7CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.09%• Percentile: 26%

Techniques & Countermeasures

CWE-410•Insufficient Resource Pool
The product's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.