CVE-2022-37459

EPSS 0.17%
Published 17.08.2022 13:15:08
Last modified 21.11.2024 07:15:01
Source cve@mitre.org
Teams watchlist Login
Open Login

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Amperecomputing ≫ Ampere Altra Firmware Version < 1.08g

Amperecomputing ≫ Ampere Altra Version-

Amperecomputing ≫ Ampere Altra Max Firmware Version < 2.05a

Amperecomputing ≫ Ampere Altra Max Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.381

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://amperecomputing.com/products/security-bulletins/retbleed.html

Vendor Advisory

https://developer.arm.com/documentation/ka005138/1-0/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-37459

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-37459

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-37459

EUVD