Vulnerabilites related to amperecomputing - ampere_altra_max
cve-2022-35888
Vulnerability from cvelistv5
Published
2022-09-29 00:41
Modified
2025-05-20 19:55
Severity ?
EPSS score ?
Summary
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amperecomputing.com/products/security-bulletins/hertzbleed.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/documentation/ka005111/1-0/?lang=en"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-35888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T19:53:42.985458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T19:55:11.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T00:41:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amperecomputing.com/products/security-bulletins/hertzbleed.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/documentation/ka005111/1-0/?lang=en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2022-35888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amperecomputing.com/products/security-bulletins/hertzbleed.html",
"refsource": "MISC",
"url": "https://amperecomputing.com/products/security-bulletins/hertzbleed.html"
},
{
"name": "https://developer.arm.com/documentation/ka005111/1-0/?lang=en",
"refsource": "MISC",
"url": "https://developer.arm.com/documentation/ka005111/1-0/?lang=en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35888",
"datePublished": "2022-09-29T00:41:53.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-05-20T19:55:11.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25368
Vulnerability from cvelistv5
Published
2022-03-09 18:17
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim\u0027s hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T18:17:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2022-25368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim\u0027s hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html",
"refsource": "MISC",
"url": "https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960",
"refsource": "CONFIRM",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb",
"refsource": "MISC",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25368",
"datePublished": "2022-03-09T18:17:28",
"dateReserved": "2022-02-19T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32295
Vulnerability from cvelistv5
Published
2022-06-30 23:28
Modified
2024-08-03 07:39
Severity ?
EPSS score ?
Summary
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:50.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amperecomputing.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-21T20:13:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amperecomputing.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2022-32295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amperecomputing.com",
"refsource": "MISC",
"url": "https://amperecomputing.com"
},
{
"name": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html",
"refsource": "MISC",
"url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html"
},
{
"name": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html",
"refsource": "MISC",
"url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32295",
"datePublished": "2022-06-30T23:28:16",
"dateReserved": "2022-06-05T00:00:00",
"dateUpdated": "2024-08-03T07:39:50.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37459
Vulnerability from cvelistv5
Published
2022-08-17 12:49
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amperecomputing.com/products/security-bulletins/retbleed.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/documentation/ka005138/1-0/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a \"Retbleed\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T12:49:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amperecomputing.com/products/security-bulletins/retbleed.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/documentation/ka005138/1-0/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2022-37459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a \"Retbleed\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amperecomputing.com/products/security-bulletins/retbleed.html",
"refsource": "MISC",
"url": "https://amperecomputing.com/products/security-bulletins/retbleed.html"
},
{
"name": "https://developer.arm.com/documentation/ka005138/1-0/",
"refsource": "MISC",
"url": "https://developer.arm.com/documentation/ka005138/1-0/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37459",
"datePublished": "2022-08-17T12:49:21",
"dateReserved": "2022-08-07T00:00:00",
"dateUpdated": "2024-08-03T10:29:21.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45454
Vulnerability from cvelistv5
Published
2022-08-17 12:46
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:21.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amperecomputing.com/product-security/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://amperecomputing.com/products/security-bulletins/platypus.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ampere Altra before SRP 1.08b and Altra Max\u200b before SRP 2.05 allow information disclosure of power telemetry via HWmon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T12:46:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amperecomputing.com/product-security/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://amperecomputing.com/products/security-bulletins/platypus.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2021-45454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ampere Altra before SRP 1.08b and Altra Max\u200b before SRP 2.05 allow information disclosure of power telemetry via HWmon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amperecomputing.com/product-security/",
"refsource": "MISC",
"url": "https://amperecomputing.com/product-security/"
},
{
"name": "https://amperecomputing.com/products/security-bulletins/platypus.html",
"refsource": "MISC",
"url": "https://amperecomputing.com/products/security-bulletins/platypus.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45454",
"datePublished": "2022-08-17T12:46:05",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-08-04T04:39:21.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-46892
Vulnerability from cvelistv5
Published
2023-02-15 00:00
Modified
2025-03-19 17:49
Severity ?
EPSS score ?
Summary
In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:27.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://amperecomputing.com/products/security-bulletins/root-complex-OS-re-enable"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T17:49:19.212589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:49:23.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-17T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://amperecomputing.com/products/security-bulletins/root-complex-OS-re-enable"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-46892",
"datePublished": "2023-02-15T00:00:00.000Z",
"dateReserved": "2022-12-09T00:00:00.000Z",
"dateUpdated": "2025-03-19T17:49:23.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-08-17 13:15
Modified
2024-11-21 06:32
Severity ?
Summary
Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| amperecomputing | ampere_altra_firmware | * | |
| amperecomputing | ampere_altra | - | |
| amperecomputing | ampere_altra_max_firmware | * | |
| amperecomputing | ampere_altra_max | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D27037E-F9D4-45C6-9C0F-CC4FC79B7AB3",
"versionEndExcluding": "1.08b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62F8E59F-D4A4-4C58-BE5E-C5C0B8E40D37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74E0633B-23E1-4CE0-8953-431954C91E0E",
"versionEndExcluding": "2.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8623E0-29D4-4AF7-B538-995F4E871B32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ampere Altra before SRP 1.08b and Altra Max\u200b before SRP 2.05 allow information disclosure of power telemetry via HWmon."
},
{
"lang": "es",
"value": "Ampere Altra versiones anteriores a SRP 1.08b y Altra Max versiones anteriores a SRP 2.05, permiten una divulgaci\u00f3n de informaci\u00f3n de telemetr\u00eda de energ\u00eda por medio de HWmon."
}
],
"id": "CVE-2021-45454",
"lastModified": "2024-11-21T06:32:14.483",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "[email protected]",
"type": "Primary"
}
]
},
"published": "2022-08-17T13:15:08.300",
"references": [
{
"source": "[email protected]",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://amperecomputing.com/product-security/"
},
{
"source": "[email protected]",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/platypus.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://amperecomputing.com/product-security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/platypus.html"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-29 01:15
Modified
2025-05-20 20:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| [email protected] | https://amperecomputing.com/products/security-bulletins/hertzbleed.html | Vendor Advisory | |
| [email protected] | https://developer.arm.com/documentation/ka005111/1-0/?lang=en | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://amperecomputing.com/products/security-bulletins/hertzbleed.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://developer.arm.com/documentation/ka005111/1-0/?lang=en | Technical Description, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D508EFD0-F78B-490A-A86A-42755F88A8D1",
"versionEndIncluding": "2022-07-15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8623E0-29D4-4AF7-B538-995F4E871B32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EBF221A-618C-43D7-9B38-EC271D2DEFFF",
"versionEndIncluding": "2022-07-15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62F8E59F-D4A4-4C58-BE5E-C5C0B8E40D37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampereone_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7E547D-0D87-4E41-9DD9-2175B5025E0C",
"versionEndIncluding": "2022-07-15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampereone:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78D60FF6-5D64-442B-95F4-9A4C1256F9AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system."
},
{
"lang": "es",
"value": "Los dispositivos Ampere Altra y Ampere Altra Max versiones hasta el 15-07-2022, permiten ataques por Hertzbleed, que es un ataque de canal lateral de energ\u00eda que extrae informaci\u00f3n secreta de la CPU correlacionando el consumo de energ\u00eda con los datos que son procesados en el sistema"
}
],
"id": "CVE-2022-35888",
"lastModified": "2025-05-20T20:15:22.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "[email protected]",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-09-29T01:15:08.970",
"references": [
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/hertzbleed.html"
},
{
"source": "[email protected]",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://developer.arm.com/documentation/ka005111/1-0/?lang=en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/hertzbleed.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://developer.arm.com/documentation/ka005111/1-0/?lang=en"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "[email protected]",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-17 13:15
Modified
2024-11-21 07:15
Severity ?
Summary
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| amperecomputing | ampere_altra_firmware | * | |
| amperecomputing | ampere_altra | - | |
| amperecomputing | ampere_altra_max_firmware | * | |
| amperecomputing | ampere_altra_max | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9389458-A2CF-46C8-A7B0-F2A0C594C8CA",
"versionEndExcluding": "1.08g",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62F8E59F-D4A4-4C58-BE5E-C5C0B8E40D37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E590AD6B-DE99-424D-B0B0-6AE7FBFB0066",
"versionEndExcluding": "2.05a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8623E0-29D4-4AF7-B538-995F4E871B32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a \"Retbleed\" issue."
},
{
"lang": "es",
"value": "Los dispositivos Ampere Altra versiones anteriores a 1.08g y los dispositivos Ampere Altra Max versiones anteriores a 2.05a, permiten a atacantes controlar las predicciones de las direcciones de retorno y potencialmente secuestrar el flujo de c\u00f3digo para ejecutar c\u00f3digo arbitrario por medio de un ataque de canal lateral, tambi\u00e9n se conoce como problema \"Retbleed\"."
}
],
"id": "CVE-2022-37459",
"lastModified": "2024-11-21T07:15:01.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "[email protected]",
"type": "Primary"
}
]
},
"published": "2022-08-17T13:15:08.433",
"references": [
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/retbleed.html"
},
{
"source": "[email protected]",
"tags": [
"Third Party Advisory"
],
"url": "https://developer.arm.com/documentation/ka005138/1-0/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/retbleed.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://developer.arm.com/documentation/ka005138/1-0/"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-15 17:15
Modified
2025-03-19 18:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| amperecomputing | ampere_altra_firmware | * | |
| amperecomputing | ampere_altra | - | |
| amperecomputing | ampere_altra_max_firmware | * | |
| amperecomputing | ampere_altra_max | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8946B46-F477-4C43-B2AE-7CD2ED6FD98E",
"versionEndExcluding": "2.10c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62F8E59F-D4A4-4C58-BE5E-C5C0B8E40D37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0365934A-CA89-48F6-9D97-53DCC8368253",
"versionEndExcluding": "2.10c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8623E0-29D4-4AF7-B538-995F4E871B32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex."
}
],
"id": "CVE-2022-46892",
"lastModified": "2025-03-19T18:15:18.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "[email protected]",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-02-15T17:15:12.090",
"references": [
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/root-complex-OS-re-enable"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/root-complex-OS-re-enable"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "[email protected]",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-10 17:47
Modified
2024-11-21 06:52
Severity ?
Summary
Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD11462B-20A3-4D99-B7B8-270AFAC16306",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8623E0-29D4-4AF7-B538-995F4E871B32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0074CA-F557-4610-AB0F-A88C720AD661",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62F8E59F-D4A4-4C58-BE5E-C5C0B8E40D37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:neoverse-e1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2543729C-69F9-47C8-B5E4-87156BFFF32F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:neoverse-e1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A639E025-B946-4A84-88B9-2E5E655711CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32A1FF8-3A37-4D10-8DBB-3ECAA8A5F970",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F388EB-8A46-43E1-9AB1-5832FBB9262A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68D895EC-B0A9-4292-AC64-60673F72C765",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a65_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE23799E-5B88-4631-B3D8-04BDB6A0795E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE41A45-7244-4A96-9A22-3BF57F9B7560",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a65ae_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18E54F07-38EA-4CCC-8F59-855D9251F818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a65ae:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5693AF9C-8E4A-4BFD-AE1C-073CB3B5053D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38768B2B-F1A3-4A76-8716-9520CA075F3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7173A6DC-4D4E-424C-A922-C16D67627834",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A891447-2F1D-48B4-AA47-3CB7EA4FDC7C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C1DF922-1F46-41A6-A367-E56DD8C4163D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08CC4E5E-2794-4893-9B45-E14A3F4CF159",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FCA77-71D3-495E-BA2A-2953369E5DCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6022C19-3C39-439E-AE6E-2319D831CF99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B08A239-BFC8-41EA-8A48-69F8DD7FC221",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "155A0C39-4D0A-4264-B392-46002908939C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*",
"matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96AB8C81-F441-4563-B5E0-B738DF4D1C50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E30BECA7-C45A-423D-9200-98D51BE9C84C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E376B2A-430D-4D1D-BC28-92CD7E1E8564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a78c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B159B3-65DD-4914-A4A4-EF342A3BAEB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a78c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6194A1A7-A29D-4ECC-8D6D-02C17D49851E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D200C1F-1909-4952-824F-A2D279B9B37E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC9F68C-7D65-4D29-AAA1-BA43228C6208",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B749251-B873-4E37-BB5C-1D4C021205D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7FB822-DD26-402E-A413-EF55B6C01D07",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF7E5CA-95FF-4242-BD6E-8BDC185DA095",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CEEC509-2A56-48F1-B388-3A8660D58FB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:cortex-a15_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23EADA1F-73E8-4E70-AF90-CE8D26552687",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:cortex-a15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FDE279-49C3-452A-B9B0-36199C221F95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4164A584-6F0D-4154-8FED-DC044CDE1FE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74C9E6FC-9C40-4105-9FB0-17013E1ABBB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B37176F-0AF4-4410-9C1F-4C5ED0051681",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F2936E-A611-472E-8EF0-F336A19DF578",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim\u0027s hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected."
},
{
"lang": "es",
"value": "Spectre BHB es una variante de Spectre-v2 en la que el c\u00f3digo malicioso usa el historial de bifurcaciones compartido (almacenado en el BHB de la CPU) para influir en las bifurcaciones mal predichas en el contexto de hardware de la v\u00edctima. Una especulaci\u00f3n causada por estas ramas mal predichas puede entonces ser usada potencialmente para causar la asignaci\u00f3n de la cach\u00e9, la cual puede ser usada para inferir informaci\u00f3n que debe ser protegida"
}
],
"id": "CVE-2022-25368",
"lastModified": "2024-11-21T06:52:05.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "[email protected]",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:47:07.880",
"references": [
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html"
},
{
"source": "[email protected]",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960"
},
{
"source": "[email protected]",
"tags": [
"Patch",
"Technical Description",
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Technical Description",
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-01 00:15
Modified
2024-11-21 07:06
Severity ?
Summary
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| amperecomputing | ampere_altra_firmware | * | |
| amperecomputing | ampere_altra | - | |
| amperecomputing | ampere_altra_max_firmware | * | |
| amperecomputing | ampere_altra_max | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2FE70D-C711-4259-9BC6-CC91E5A6F85B",
"versionEndExcluding": "1.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62F8E59F-D4A4-4C58-BE5E-C5C0B8E40D37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1764DDA1-D41D-44FF-9C47-12FDE205D30B",
"versionEndExcluding": "1.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8623E0-29D4-4AF7-B538-995F4E871B32",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component."
},
{
"lang": "es",
"value": "En los dispositivos Ampere Altra y AltraMax anteriores a SRP 1.09, el dise\u00f1o de referencia Altra de los accesos UEFI permite el acceso inseguro a SPI-NOR por parte del componente OS/hypervisor"
}
],
"id": "CVE-2022-32295",
"lastModified": "2024-11-21T07:06:07.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "[email protected]",
"type": "Primary"
}
]
},
"published": "2022-07-01T00:15:08.813",
"references": [
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com"
},
{
"source": "[email protected]",
"tags": [
"Broken Link"
],
"url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}