18 matches found
EUVD-2022-38761
Malicious code in bioql PyPI...
CVE-2022-35888
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system...
Design/Logic Flaw
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system...
CVE-2022-35888
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system...
CVE-2022-35888
CVE-2022-35888 affects Ampere Altra and Ampere Altra Max devices through 2022-07-15. The issue enables Hertzbleed, a power side-channel attack that can extract secret information by correlating CPU power consumption with processed data. The base CVSS vector indicates Network attack vector, low at...
Ampere Computing Ampere Altra 安全漏洞
Ampere Computing Ampere Altra is an 80-core server processor from Ampere Computing, USA. A security vulnerability exists in Ampere Altra and Ampere Altra Max 2022-7-15 and prior versions, which stems from an attack that allows via Hertzbleed, secret information to be extracted from the CPU by...
CVE-2021-45454
Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon...
CVE-2022-37459
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue...
CVE-2021-45454
Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon...
CVE-2022-37459
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue...
CVE-2022-37459
This CVE affects Ampere Altra line: Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a are vulnerable to a Retbleed-style attack that can hijack code flow by manipulating return-address predictions. Impact is the potential execution of arbitrary code via a side-channel. A...
CVE-2021-45454
The vulnerability CVE-2021-45454 affects Ampere Altra SRP prior to 1.08b and Ampere Altra Max SRP prior to 2.05, allowing information disclosure of power telemetry via HWmon. The root cause is exposure of power telemetry data through HWmon in affected SRP versions. Impact is information disclosur...
CVE-2021-45454
Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon...
PT-2022-24012 · Ampere · Ampere Altra +1
Name of the Vulnerable Software and Affected Versions: Ampere Altra devices before 1.08g Ampere Altra Max devices before 2.05a Description: The issue allows attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel...
Ampere Computing Ampere Altra 安全漏洞
Ampere Computing Ampere Altra is an 80-core server processor from Ampere Computing, USA. A security vulnerability exists in Ampere Altra SRP versions prior to 1.08b and Ampere Altra Max SRP versions prior to 2.05. An attacker could exploit this vulnerability to disclose sensitive information...
PT-2022-12362 · Ampere · Ampere Altra +1
Name of the Vulnerable Software and Affected Versions: Ampere Altra versions before SRP 1.08b Ampere Altra Max versions before SRP 2.05 Description: The issue allows information disclosure of power telemetry via HWmon. Recommendations: For Ampere Altra versions before SRP 1.08b, update to SRP 1.0...
CVE-2022-32295
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component...
CVE-2022-32295
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component...