CVE-2023-45846

5.5 MEDIUM

📋 TL;DR

This vulnerability in Intel Power Gadget for macOS allows authenticated local users to cause denial of service through incomplete cleanup of resources. It affects all versions of Intel Power Gadget software running on macOS systems. The issue requires local access and authentication to exploit.

💻 Affected Systems

Products:
  • Intel Power Gadget
Versions: All versions
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects macOS installations of Intel Power Gadget. Requires local authenticated access to exploit.


⚠️ Risk & Real-World Impact

🔴 Worst Case

System instability or crash requiring reboot, potentially disrupting user work or services running on affected macOS systems.

🟠 Likely Case

Application-level denial of service affecting Intel Power Gadget functionality, possibly requiring restart of the application.

🟢 If Mitigated

Minimal impact with proper access controls limiting local authenticated users and monitoring for abnormal application behavior.

🌐 Internet-Facing: LOW - Requires local authenticated access, not exploitable remotely.
🏢 Internal Only: MEDIUM - Local authenticated users could disrupt system stability, but requires specific conditions and access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local authenticated access and knowledge of the incomplete cleanup condition. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest version from Intel (check Intel advisory for specific version)

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html

Restart Required: Yes

Instructions:

1. Visit Intel Security Advisory INTEL-SA-01037
2. Download latest Intel Power Gadget for macOS
3. Uninstall current version
4. Install updated version
5. Restart system

🔧 Temporary Workarounds

Uninstall Intel Power Gadget

macOS

Remove vulnerable software if not required

sudo rm -rf /Applications/Intel\ Power\ Gadget.app
sudo rm -rf /Library/Application\ Support/Intel/Power\ Gadget

Restrict local user access

macOS

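Limit which users can run Intel Power Gadget. Mode 750 removes all access for users who are neither the bundle's owner nor members of its group, so check the bundle's owner and group first.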

sudo chmod 750 /Applications/Intel\ Power\ Gadget.app

🧯 If You Can't Patch

  • Restrict application execution to trusted users only
  • Monitor system logs for abnormal Power Gadget behavior or crashes

🔍 How to Verify

Check if Vulnerable:

Check if Intel Power Gadget is installed: ls /Applications/ | grep -i 'intel power gadget'

Check Version:

Check application version in Intel Power Gadget About menu or package metadata

Verify Fix Applied:

Verify latest version installed and check application version in About dialog
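
A scripted form of the checks above, as an added example that is not from Intel or the original page: it looks for the two install paths this page lists, reads the bundle version from Info.plist, and reports whether users outside the bundle's owner and group can still reach it (the chmod 750 workaround). The function names, the root argument and the presence of the CFBundleShortVersionString key in this bundle are assumptions.

```shell
#!/bin/sh
# Added example (not from the page or Intel). Paths are the two this page lists;
# the root argument is an assumption so a mounted image or test tree can be audited.
APP_REL="Applications/Intel Power Gadget.app"
SUPPORT_REL="Library/Application Support/Intel/Power Gadget"

# Print the bundle's CFBundleShortVersionString, or "unknown" if unreadable.
# Assumes the bundle carries that standard Info.plist key.
bundle_version() {
    plist="$1/Contents/Info.plist"
    v=""
    if [ -f "$plist" ] && [ -x /usr/libexec/PlistBuddy ]; then
        v=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist" 2>/dev/null) || v=""
    elif [ -f "$plist" ]; then
        # Fallback off macOS: XML plists only, value on the line after the key.
        v=$(sed -n '/<key>CFBundleShortVersionString<\/key>/{n;s/.*<string>\(.*\)<\/string>.*/\1/p;}' "$plist")
    fi
    echo "${v:-unknown}"
}

# Print one status line for the volume rooted at $1 (default /).
audit_power_gadget() {
    root="${1:-/}"; root="${root%/}"
    app="$root/$APP_REL"
    if [ -d "$app" ]; then
        # Characters 8-10 of the mode string are the "other" bits; after the
        # page's chmod 750 workaround they read "---".
        other=$(ls -ld "$app" | cut -c8-10)
        echo "installed version=$(bundle_version "$app") other_access=$other"
    elif [ -d "$root/$SUPPORT_REL" ]; then
        echo "residual-support-files"
    else
        echo "not-installed"
    fi
}

audit_power_gadget "${1:-/}"
```

A result of residual-support-files means the application bundle is gone but the support directory named in the uninstall workaround is still present.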

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Intel Power Gadget crashes
  • System instability events following Power Gadget usage
  • Kernel panic logs potentially related to power management

Network Indicators:

  • No network indicators - local vulnerability only

SIEM Query:

source="macos_system_logs" AND (process="Intel Power Gadget" OR message CONTAINS "Power Gadget") AND (severity="ERROR" OR severity="CRITICAL")
