Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.
References
Link | Resource |
---|---|
https://amperecomputing.com/products/security-bulletins/retbleed.html | Vendor Advisory |
https://developer.arm.com/documentation/ka005138/1-0/ | Third Party Advisory |
Configurations
History
18 Aug 2022, 19:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:* cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:* cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-203 | |
First Time |
Amperecomputing
Amperecomputing ampere Altra Firmware Amperecomputing ampere Altra Amperecomputing ampere Altra Max Amperecomputing ampere Altra Max Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://amperecomputing.com/products/security-bulletins/retbleed.html - Vendor Advisory | |
References | (MISC) https://developer.arm.com/documentation/ka005138/1-0/ - Third Party Advisory |
17 Aug 2022, 13:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-17 13:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-37459
Mitre link : CVE-2022-37459
CVE.ORG link : CVE-2022-37459
JSON object : View
Products Affected
amperecomputing
- ampere_altra_max_firmware
- ampere_altra_firmware
- ampere_altra
- ampere_altra_max
CWE
CWE-203
Observable Discrepancy