Amperecomputing: >> Ampere Altra Firmware >> 1.08b Security Vulnerabilities
In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-02-15
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-09-29
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-17
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-07-01