In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAmperecomputing Ampere Altra
HWAmperecomputingwszystkie wersjeAmperecomputing Ampere Altra Firmware
OSAmperecomputing< 2.10cAmperecomputing Ampere Altra Max
HWAmperecomputingwszystkie wersjeAmperecomputing Ampere Altra Max Firmware
OSAmperecomputing< 2.10c
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2022-32295CRITICAL9.8ten sam produkt
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insec...
CVE-2021-45454HIGH7.5ten sam produkt
Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry v...
CVE-2022-37459HIGH7.8ten sam produkt
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the pre...
CVE-2022-35888MEDIUM6.5ten sam produkt
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power si...
CVE-2022-25368MEDIUM4.7ten sam produkt
Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the C...