Skip to main content

Ampere Altra Max Firmware

4 CVEs product

Monthly

CVE-2022-35888 MEDIUM This Month

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ampere Altra Max Firmware Ampere Altra Firmware Ampereone Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-37459 HIGH This Week

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ampere Altra Firmware Ampere Altra Max Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32295 CRITICAL Act Now

On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ampere Altra Firmware Ampere Altra Max Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25368 MEDIUM PATCH This Month

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Rated medium severity (CVSS 4.7).

Information Disclosure Ampere Altra Max Firmware Ampere Altra Firmware Neoverse E1 Firmware Neoverse V1 Firmware +18
NVD
CVSS 3.1
4.7
EPSS
0.3%
EPSS 1% CVSS 6.5
MEDIUM This Month

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ampere Altra Max Firmware Ampere Altra Firmware +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ampere Altra Firmware Ampere Altra Max Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ampere Altra Firmware Ampere Altra Max Firmware
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Rated medium severity (CVSS 4.7).

Information Disclosure Ampere Altra Max Firmware Ampere Altra Firmware +20
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy