CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46892
https://notcve.org/view.php?id=CVE-2022-46892
15 Feb 2023 — In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex. • https://amperecomputing.com/products/security-bulletins/root-complex-OS-re-enable • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-35888
https://notcve.org/view.php?id=CVE-2022-35888
29 Sep 2022 — Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system. Los dispositivos Ampere Altra y Ampere Altra Max versiones hasta el 15-07-2022, permiten ataques por Hertzbleed, que es un ataque de canal lateral de energía que extrae información secreta de la CPU correlacionando el consumo de energía con los datos que son p... • https://amperecomputing.com/products/security-bulletins/hertzbleed.html • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-37459
https://notcve.org/view.php?id=CVE-2022-37459
17 Aug 2022 — Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue. Los dispositivos Ampere Altra versiones anteriores a 1.08g y los dispositivos Ampere Altra Max versiones anteriores a 2.05a, permiten a atacantes controlar las predicciones de las direcciones de retorno y potencialmente secuestrar el flujo de código para ejecuta... • https://amperecomputing.com/products/security-bulletins/retbleed.html • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-45454
https://notcve.org/view.php?id=CVE-2021-45454
17 Aug 2022 — Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon. Ampere Altra versiones anteriores a SRP 1.08b y Altra Max versiones anteriores a SRP 2.05, permiten una divulgación de información de telemetría de energía por medio de HWmon. • https://amperecomputing.com/product-security •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32295
https://notcve.org/view.php?id=CVE-2022-32295
30 Jun 2022 — On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. En los dispositivos Ampere Altra y AltraMax anteriores a SRP 1.09, el diseño de referencia Altra de los accesos UEFI permite el acceso inseguro a SPI-NOR por parte del componente OS/hypervisor • https://amperecomputing.com •
CVSS: 4.7EPSS: 0%CPEs: 44EXPL: 0CVE-2022-25368
https://notcve.org/view.php?id=CVE-2022-25368
09 Mar 2022 — Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected. Spectre BHB es una variante de Spectre-v2 en la que el código malicioso usa el historial de bifurcaciones compartido (almacenado en el BHB de la CPU)... • https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html •