CVE-2025-62862
4.6
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
Exploitability: 1.5 / Impact: 2.7
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager.
Affected (14)
Products: Amperecomputing: Ampereone A192 32m Firmware, Ampereone A192 26m Firmware, Ampereone A160 28m Firmware, Ampereone A144 33m Firmware, Ampereone A144 26m Firmware, Ampereone A96 36m Firmware, Ampereone A96 36x Firmware, Ampereone A128 34x Firmware, Ampereone A144 24x Firmware, Ampereone A144 27x Firmware, Ampereone A160 28x Firmware, Ampereone A192 26x Firmware, Ampereone A192 32x Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A192 32m | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A192 26m | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A160 28m | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A144 33m | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A144 26m | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A96 36m | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A96 36x | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A128 34x | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A144 24x | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A144 27x | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A160 28x | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.5.9.3 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A192 26x | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.5.9.3 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A192 32x | All versions |
Related CWEs
References (2)
Source: cve@mitre.org
Vendor Advisory
Timeline
No history available yet.