Summaryinfo

A vulnerability has been found in Intel Power Gadget on Windows and classified as problematic. This vulnerability affects unknown code. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2023-41234. It is possible to launch the attack on the local host. There is no exploit available. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability, which was classified as problematic, was found in Intel Power Gadget on Windows (affected version not known). This affects some unknown functionality. The manipulation with an unknown input leads to a null pointer dereference vulnerability. CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. This is going to have an impact on availability. The summary by CVE is:

NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access.

The advisory is shared at intel.com. This vulnerability is uniquely identified as CVE-2023-41234 since 11/09/2023. The exploitability is told to be easy. An attack has to be approached locally. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 05/17/2024).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• Intel

Name

• Power Gadget

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion