Vulnerability Details CVE-2022-32295
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://amperecomputing.com
- https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html
- https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html
- https://amperecomputing.com
- https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html
- https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html
Products affected by CVE-2022-32295
-
cpe:2.3:h:amperecomputing:ampere_altra:-
-
cpe:2.3:h:amperecomputing:ampere_altra_max:-
-
cpe:2.3:o:amperecomputing:ampere_altra_firmware:-
-
cpe:2.3:o:amperecomputing:ampere_altra_firmware:1.08b
-
cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:-