CVE-2025-62864
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context.
Affected (14)
Products: Amperecomputing: Ampereone A192 32m Firmware, Ampereone A192 26m Firmware, Ampereone A160 28m Firmware, Ampereone A144 33m Firmware, Ampereone A144 26m Firmware, Ampereone A96 36m Firmware, Ampereone A96 36x Firmware, Ampereone A128 34x Firmware, Ampereone A144 24x Firmware, Ampereone A144 27x Firmware, Ampereone A160 28x Firmware, Ampereone A192 26x Firmware, Ampereone A192 32x Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A192 32m | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A192 26m | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A160 28m | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A144 33m | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A144 26m | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 5.4.5.1 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A96 36m | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A96 36x | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A128 34x | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A144 24x | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A144 27x | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A160 28x | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.4.5.2 |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.5.9.3 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A192 26x | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.5.9.3 |
| Running on/with | Platform Versions |
|---|---|
Amperecomputing Ampereone A192 32x | All versions |
References (2)
Source: cve@mitre.org
Vendor Advisory
Timeline
No history available yet.