CVE-2026-20794 · Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may

01 · The Real Story

This is a bad lock on the server room closet, not an open front door

CVE-2026-20794 is a classic buffer overflow in the Intel(R) Data Center Graphics Driver for VMware ESXi, affecting releases before 2.0.2. Intel says exploitation occurs within Ring 1 / device driver context and may allow local code execution / escalation of privilege. In practice, this only matters on ESXi hosts that both run the Intel async graphics driver and have the relevant Intel data center GPU stack deployed; Intel's 2.0.2 release notes show this package targets Intel Data Center GPU Flex Series and the current package line is for ESXi 8.0.3.

Intel scored it CRITICAL 9.3 on 2026-05-12, but that overstates enterprise patch urgency. The decisive friction is in Intel's own vector: AV:L/PR:H. An attacker needs local, privileged access on the ESXi host first; that is already a serious prior compromise, and the reachable population is narrow because this is a specialist GPU driver, not a broadly exposed ESXi management service.

"Low priority: this is a post-compromise, privileged-local ESXi driver bug on a niche GPU host set."

02 · The Attack Path

4 steps from start to impact.

STEP 01

Get onto the ESXi host as a privileged user

The attacker first needs a foothold that reaches the hypervisor itself, not just a guest VM. Realistically that means a stolen break-glass account, compromised vCenter admin path, direct console access, or an already-compromised ESXi root session. The weaponized tooling here is usually administrative access tooling already in the environment, not a CVE-specific exploit.

Conditions required:

Access to the ESXi host or management plane
Privileges high enough to act as a local privileged user on ESXi
ESXi shell/SSH/console or equivalent admin path available

Where this breaks in practice:

This is post-initial-access by definition
Modern shops keep ESXi management off the internet and behind VPN/jump hosts
MFA, PAM, and disabled ESXi shell materially reduce who can reach this step

Detection/coverage: Look for vCenter admin anomalies, ESXi Shell/SSH enablement events, root logins, and break-glass account use. Traditional endpoint tooling coverage on ESXi is limited, so identity and management-plane telemetry matter more than host EDR.

STEP 02

Find a host that actually runs the vulnerable Intel GPU driver

The attacker must land on an ESXi host with the Intel async VIB installed and a version earlier than 2.0.2. The practical tool here is esxcli software vib list or direct package inspection to confirm the Intel-idcgpu component is present.

Conditions required:

Intel Data Center Graphics Driver for VMware ESXi is installed
Installed version is earlier than 2.0.2
Host is part of the Intel GPU Flex deployment subset

Where this breaks in practice:

This is a niche hardware-and-driver population, not the general ESXi fleet
Many enterprises have zero Intel Flex GPU ESXi hosts
Even in VDI/AI clusters, only a subset of hosts may carry this async package

Detection/coverage: Vulnerability scanners often miss async ESXi VIB nuance unless you ingest host package inventory directly. Best coverage is host inventory from esxcli, vLCM/Host Profiles, or CMDB data tied to GPU-enabled clusters.

STEP 03

Trigger the overflow through the driver interface

Exploitation would require a custom ioctl or driver interaction harness aimed at the Intel graphics driver path. There is no public PoC or named exploit kit visible in public reporting from the sources reviewed, so an attacker likely needs reverse engineering and crash-prone trial and error. On ESXi, that raises the odds of noisy failure such as instability or PSOD before reliable weaponization.

Conditions required:

Ability to interact with the vulnerable driver locally
Knowledge of the vulnerable code path / input shape
Sufficient privileges to reach the driver interface

Where this breaks in practice:

No public exploit or GitHub PoC was found in the reviewed sources
Driver-level exploitation on ESXi is specialized work
Crashes can burn the operation before useful code execution is achieved

Detection/coverage: There is no broad signature-based scanner coverage for a private local ioctl path. Watch vmkernel.log, unexpected PSODs, unusual module errors, and post-crash package or config drift.

STEP 04

Run code in driver/kernel-adjacent context

If the overflow is successfully exploited, the attacker may execute code with elevated host-level privileges and tamper with hypervisor integrity, GPU scheduling, or adjacent workloads on that host. But by this point the attacker already had privileged local access to ESXi, so the incremental gain is mostly stronger persistence or deeper control rather than first-time host compromise.

Conditions required:

Reliable exploit success
Ability to operate after host instability risk
Privileged local foothold already established

Where this breaks in practice:

The attacker already crossed the hardest boundary before using this CVE
Blast radius is usually one host or one narrow cluster slice at a time
Operational value over existing ESXi admin access may be marginal

Detection/coverage: Focus on persistence changes, unauthorized VIB/config modification, host integrity drift, and unusual maintenance-mode or reboot patterns after suspicious admin activity.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No confirmed public exploitation in the reviewed sources. It is not listed in CISA's KEV catalog.
PoC availability	No public PoC located in the reviewed sources or GitHub-focused web results at assessment time; likely requires custom reverse engineering of the driver interface.
EPSS	User-supplied EPSS is 0.0002 (about 0.02% 30-day exploitation probability). That is effectively background noise for patch prioritization; FIRST API documentation was verified, but a CVE-specific percentile could not be directly confirmed from the available browse path.
KEV status	Not KEV-listed. No CISA due date applies.
Vendor scoring	Despite the initial prompt claiming no baseline, Intel published a vendor score on 2026-05-12: CRITICAL 9.3, vector `CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H`.
CVSS vector reality check	`AV:L` + `PR:H` means local privileged only. Operationally, that is a strong downward pressure because it assumes the attacker is already on the hypervisor with elevated rights.
Affected versions	Intel states Intel Data Center Graphics Driver for VMware ESXi before 2.0.2 is affected.
Fixed versions	Update to 2.0.2 or later. Intel's current package line shows 2.0.2.46 for the VMware ESXi release package; this is an Intel async package, so there are no distro-style backports to track.
Exposure population	This is not an internet-facing service and has no practical Shodan/Censys fingerprint. Exposure is limited to ESXi hosts running the Intel Data Center GPU Flex Series stack and the Intel `idcgpu` VIB, which is a comparatively small subset of enterprise virtualization estates.
Disclosure / reporter	Disclosed 2026-05-12 in INTEL-SA-01402; Intel credits Ori Nimron (@orinimron123) for reporting.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to LOW (3.4/10)

The single biggest reason this lands in LOW is that exploitation requires local privileged access on the ESXi host first. That makes this a post-compromise hypervisor-hardening issue on a narrow, GPU-enabled host population, not a front-door enterprise takeover risk.

HIGH Attacker-position friction is severe (`AV:L/PR:H`)

HIGH Exposure population is narrow and specialized

MEDIUM Public exploitation visibility and PoC absence

Why this verdict

Start from Intel's 9.3, then cut hard for attacker position: Intel's own vector is AV:L/PR:H, which means the attacker already has privileged local access on ESXi before this CVE matters.
Niche deployment narrows the fleet: only hosts with the Intel async graphics driver and Data Center GPU Flex deployment are in scope; most enterprises will have few or none.
Threat intel is cold: no KEV listing, no confirmed public exploitation, and an EPSS of 0.0002 all argue against urgent patch priority.

Why not higher?

This is not remotely reachable and it is not useful for initial access. Requiring privileged local access on the hypervisor is compounded friction: the attacker has already beaten your identity, management-plane, and host-access controls before touching this bug.

Why not lower?

It is still a real memory corruption flaw in hypervisor-adjacent driver code, not a theoretical paperwork CVE. On the small number of affected hosts, successful exploitation could deepen host control or persistence, so it deserves tracking and normal maintenance remediation rather than dismissal.

05 · Compensating Control

What to do — in priority order.

Disable routine ESXi shell and SSH access — Keep ESXi shell/SSH in break-glass mode only, because the exploit path starts with local privileged host access. For a LOW verdict there is no SLA deadline, but this should be enforced as standing control hygiene and verified during the next access review.
Constrain hypervisor admin paths — Limit who can administer ESXi directly through PAM, MFA-backed jump hosts, vCenter RBAC, and session recording. This cuts off the most important prerequisite; for LOW severity there is no mitigation SLA, so fold this into normal control assurance work rather than emergency change.
Inventory Intel-idcgpu across clusters — Use esxcli software vib list or host inventory tooling to identify where the Intel async VIB exists so you only patch the real blast radius. Do this in your next routine vulnerability triage cycle; many fleets will discover the affected population is tiny or zero.
Watch for host instability and package drift — Alert on unexpected PSODs, vmkernel.log driver faults, unauthorized VIB changes, and unexplained ESXi maintenance-mode/reboot patterns on GPU hosts. This is the practical detective control when classic EDR coverage is weak on ESXi.

What doesn't work

A WAF does nothing here because there is no web entry point in the vulnerability path.
Guest OS patching or guest EDR does not protect the ESXi host driver; the bug lives in the hypervisor's Intel driver package.
Internet perimeter blocking alone is insufficient because the dangerous prerequisite is insider/admin-path access to ESXi, not public exposure.

06 · Verification

Crowdsourced verification payload.

Run this on the ESXi host itself from ESXi Shell or over SSH as root or an account that can execute esxcli. Example: sh check-idcgpu-cve-2026-20794.sh. It reads installed VIB inventory and reports VULNERABLE, PATCHED, or UNKNOWN based on whether Intel-idcgpu is present and whether its semantic version is earlier than 2.0.2.

noisgate-verify.sh

BASHREAD-ONLYSAFE

#!/bin/sh
# check-idcgpu-cve-2026-20794.sh
# Purpose: detect whether Intel Data Center Graphics Driver for VMware ESXi
#          is present and older than 2.0.2.
# Output: VULNERABLE / PATCHED / UNKNOWN
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN

TARGET_MAJOR=2
TARGET_MINOR=0
TARGET_PATCH=2

if ! command -v esxcli >/dev/null 2>&1; then
  echo "UNKNOWN: esxcli not found"
  exit 2
fi

LINE=$(esxcli software vib list 2>/dev/null | awk 'tolower($1)=="intel-idcgpu" {print $0; exit}')

if [ -z "$LINE" ]; then
  echo "UNKNOWN: Intel-idcgpu VIB not installed or not visible in esxcli output"
  exit 2
fi

VER=$(echo "$LINE" | awk '{print $2}')
BASE=$(echo "$VER" | sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')

if [ -z "$BASE" ]; then
  echo "UNKNOWN: unable to parse installed version from '$VER'"
  exit 2
fi

set -- $BASE
MAJOR=$1
MINOR=$2
PATCH=$3

if [ "$MAJOR" -lt "$TARGET_MAJOR" ]; then
  echo "VULNERABLE: Intel-idcgpu version $VER is earlier than 2.0.2"
  exit 1
fi

if [ "$MAJOR" -gt "$TARGET_MAJOR" ]; then
  echo "PATCHED: Intel-idcgpu version $VER is newer than 2.0.2"
  exit 0
fi

if [ "$MINOR" -lt "$TARGET_MINOR" ]; then
  echo "VULNERABLE: Intel-idcgpu version $VER is earlier than 2.0.2"
  exit 1
fi

if [ "$MINOR" -gt "$TARGET_MINOR" ]; then
  echo "PATCHED: Intel-idcgpu version $VER is newer than 2.0.2"
  exit 0
fi

if [ "$PATCH" -lt "$TARGET_PATCH" ]; then
  echo "VULNERABLE: Intel-idcgpu version $VER is earlier than 2.0.2"
  exit 1
fi

echo "PATCHED: Intel-idcgpu version $VER is 2.0.2 or later"
exit 0

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning, do not treat this like an emergency fleet-wide fire drill. First, inventory whether you even run the Intel idcgpu VIB on any ESXi GPU hosts; if the answer is yes, stage 2.0.2+ for the next normal hypervisor maintenance window and document the narrow exposure set. For a LOW verdict there is no noisgate mitigation SLA and effectively no noisgate remediation SLA beyond backlog hygiene, so the right move is to validate exposure this week, keep shell/admin-path controls tight, and remediate during routine host maintenance rather than preempting higher-value remotely reachable issues.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.