Intel Trace Analyzer & Collector 2021.7 Null Pointer Deref. Info Disclosure
CVE-2022-42878 Published on May 10, 2023

Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.

NVD

Vulnerability Analysis

CVE-2022-42878 is exploitable with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Use of NullPointerException Catch to Detect NULL Pointer Dereference

Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.


Products Associated with CVE-2022-42878

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-42878 are published in these products:

Intel Trace Analyzer And Collector
 
Intel Oneapi Hpc Toolkit
 

Exploit Probability

EPSS
0.11%
Percentile
28.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.