CVE-2022-35888

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-35888
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://amperecomputing.com/products/security-bulletins/hertzbleed.html Vendor Advisory
https://developer.arm.com/documentation/ka005111/1-0/?lang=en Technical Description Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:amperecomputing:ampereone_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amperecomputing:ampereone:-:*:*:*:*:*:*:*
History

03 Oct 2022, 13:47

Type Values Removed Values Added
CWE CWE-203
CPE cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*
cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amperecomputing:ampereone:-:*:*:*:*:*:*:*
cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*
cpe:2.3:o:amperecomputing:ampereone_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
First Time Amperecomputing
Amperecomputing ampere Altra Max
Amperecomputing ampereone
Amperecomputing ampere Altra Max Firmware
Amperecomputing ampereone Firmware
Amperecomputing ampere Altra
Amperecomputing ampere Altra Firmware
References (MISC) https://amperecomputing.com/products/security-bulletins/hertzbleed.html - (MISC) https://amperecomputing.com/products/security-bulletins/hertzbleed.html - Vendor Advisory
References (MISC) https://developer.arm.com/documentation/ka005111/1-0/?lang=en - (MISC) https://developer.arm.com/documentation/ka005111/1-0/?lang=en - Technical Description, Third Party Advisory

29 Sep 2022, 01:43

Type Values Removed Values Added
New CVE
Information

Published : 2022-09-29 01:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-35888

Mitre link : CVE-2022-35888

CVE.ORG link : CVE-2022-35888

JSON object : View

Products Affected

amperecomputing

  • ampere_altra_max_firmware
  • ampereone_firmware
  • ampereone
  • ampere_altra
  • ampere_altra_max
  • ampere_altra_firmware
CWE
CWE-203

Observable Discrepancy