Amperecomputing Ampere Altra Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Amperecomputing Ampere Altra Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2022-32295 — CVSS 9.8 (critical): On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the…
CVE-2022-46892 — CVSS 9.8 (critical): In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.
CVE-2022-37459 — CVSS 7.8 (high): Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses…
CVE-2021-45454 — CVSS 7.5 (high): Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon.
CVE-2022-35888 — CVSS 6.5 (medium): Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that…
CVE-2022-25368 — CVSS 4.7 (medium): Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence…