On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
References
Link | Resource |
---|---|
https://amperecomputing.com | Vendor Advisory |
https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html | Broken Link |
https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html | Vendor Advisory |
Configurations
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
28 Oct 2022, 19:28
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html - Vendor Advisory |
21 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. |
14 Jul 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jul 2022, 19:22
Type | Values Removed | Values Added |
---|---|---|
First Time |
Amperecomputing
Amperecomputing ampere Altra Firmware Amperecomputing ampere Altra Amperecomputing ampere Altra Max Amperecomputing ampere Altra Max Firmware |
|
References | (MISC) https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html - Broken Link | |
References | (MISC) https://amperecomputing.com - Vendor Advisory | |
CPE | cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:* cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:* cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-863 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
01 Jul 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-01 00:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-32295
Mitre link : CVE-2022-32295
CVE.ORG link : CVE-2022-32295
JSON object : View
Products Affected
amperecomputing
- ampere_altra
- ampere_altra_max
- ampere_altra_firmware
- ampere_altra_max_firmware
CWE