CVE-2022-37459
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.
Los dispositivos Ampere Altra versiones anteriores a 1.08g y los dispositivos Ampere Altra Max versiones anteriores a 2.05a, permiten a atacantes controlar las predicciones de las direcciones de retorno y potencialmente secuestrar el flujo de código para ejecutar código arbitrario por medio de un ataque de canal lateral, también se conoce como problema "Retbleed".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-07 CVE Reserved
- 2022-08-17 CVE Published
- 2024-03-09 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://developer.arm.com/documentation/ka005138/1-0 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://amperecomputing.com/products/security-bulletins/retbleed.html | 2022-08-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Amperecomputing Search vendor "Amperecomputing" | Ampere Altra Firmware Search vendor "Amperecomputing" for product "Ampere Altra Firmware" | < 1.08g Search vendor "Amperecomputing" for product "Ampere Altra Firmware" and version " < 1.08g" | - |
Affected
| in | Amperecomputing Search vendor "Amperecomputing" | Ampere Altra Search vendor "Amperecomputing" for product "Ampere Altra" | - | - |
Safe
|
| Amperecomputing Search vendor "Amperecomputing" | Ampere Altra Max Firmware Search vendor "Amperecomputing" for product "Ampere Altra Max Firmware" | < 2.05a Search vendor "Amperecomputing" for product "Ampere Altra Max Firmware" and version " < 2.05a" | - |
Affected
| in | Amperecomputing Search vendor "Amperecomputing" | Ampere Altra Max Search vendor "Amperecomputing" for product "Ampere Altra Max" | - | - |
Safe
|