HIGH🇵🇱 Wersja polska

CVE-2022-37459

CVSS 7.8v3.1pub. 2022-08-17upd. 2024-11-21

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Amperecomputing Ampere Altra

    HW
    Amperecomputing
    wszystkie wersje
  • Amperecomputing Ampere Altra Firmware

    OS
    Amperecomputing
    < 1.08g
  • Amperecomputing Ampere Altra Max

    HW
    Amperecomputing
    wszystkie wersje
  • Amperecomputing Ampere Altra Max Firmware

    OS
    Amperecomputing
    < 2.05a
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2022-46892CRITICAL9.8ten sam produkt

In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a dis...

CVE-2022-32295CRITICAL9.8ten sam produkt

On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insec...

CVE-2021-45454HIGH7.5ten sam produkt

Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 allow information disclosure of power telemetry v...

CVE-2022-35888MEDIUM6.5ten sam produkt

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power si...

CVE-2022-25368MEDIUM4.7ten sam produkt

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the C...