Ampere Altra Firmware@* Security Vulnerabilities and Issues — Ampere Altra Firmware@* CVE List

Lucene search

AmperecomputingAmpere Altra Firmware*

5 matches found

CVE•added 2022/07/01 12:15 a.m.•57 views

CVE-2022-32295

On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.

9.8CVSS9.3AI score0.00619EPSS

CVE•added 2022/08/17 1:15 p.m.•46 views

CVE-2021-45454

Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon.

7.5CVSS7.3AI score0.0023EPSS

CVE•added 2023/02/15 5:15 p.m.•44 views

CVE-2022-46892

In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.

9.8CVSS9.3AI score0.00216EPSS

CVE•added 2022/08/17 1:15 p.m.•43 views

CVE-2022-37459

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

7.8CVSS7.9AI score0.00107EPSS

CVE•added 2022/09/29 1:15 a.m.•40 views

CVE-2022-35888

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.

6.5CVSS6.4AI score0.00378EPSS