6.5

CVE-2022-35888

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AmperecomputingAmpere Altra Max Firmware Version <= 2022-07-15
   AmperecomputingAmpere Altra Max Version-
AmperecomputingAmpere Altra Firmware Version <= 2022-07-15
   AmperecomputingAmpere Altra Version-
AmperecomputingAmpereone Firmware Version <= 2022-07-15
   AmperecomputingAmpereone Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.438
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

https://amperecomputing.com/products/security-bulletins/hertzbleed.html
Vendor Advisory
https://developer.arm.com/documentation/ka005111/1-0/?lang=en
Third Party Advisory
Technical Description