CVE-2022-37459

Published: Aug 17, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

Affected (2)

Products: Amperecomputing: Ampere Altra Firmware, Ampere Altra Max Firmware

Amperecomputing

2 products

Ampere Altra Firmware

Ampere Altra Max Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amperecomputing Ampere Altra Firmware	Before 1.08g

Running on/with	Platform Versions
Amperecomputing Ampere Altra	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Amperecomputing Ampere Altra Max Firmware	Before 2.05a

Running on/with	Platform Versions
Amperecomputing Ampere Altra Max	All versions

Related CWEs

CWE-203

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (4)

https://amperecomputing.com/products/security-bulletins/retbleed.html

Source: cve@mitre.org

Vendor Advisory

https://developer.arm.com/documentation/ka005138/1-0/

Source: cve@mitre.org

Third Party Advisory

https://amperecomputing.com/products/security-bulletins/retbleed.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://developer.arm.com/documentation/ka005138/1-0/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.