Vulnerability Details CVE-2022-35888
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.3%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2022-35888
-
cpe:2.3:h:amperecomputing:ampere_altra:-
-
cpe:2.3:h:amperecomputing:ampere_altra_max:-
-
cpe:2.3:h:amperecomputing:ampereone:-
-
cpe:2.3:o:amperecomputing:ampere_altra_firmware:-
-
cpe:2.3:o:amperecomputing:ampere_altra_firmware:1.08b
-
cpe:2.3:o:amperecomputing:ampere_altra_firmware:1.09
-
cpe:2.3:o:amperecomputing:ampere_altra_firmware:2.10c
-
cpe:2.3:o:amperecomputing:ampere_altra_firmware:2022-07-15
-
cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:-
-
cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:1.09
-
cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:2.05
-
cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:2.10c
-
cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:2022-07-15
-
cpe:2.3:o:amperecomputing:ampereone_firmware:2022-07-15