CVE-2022-37459

EPSS 0.17%
Veröffentlicht 17.08.2022 13:15:08
Zuletzt bearbeitet 21.11.2024 07:15:01
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Amperecomputing ≫ Ampere Altra Firmware Version < 1.08g

Amperecomputing ≫ Ampere Altra Version-

Amperecomputing ≫ Ampere Altra Max Firmware Version < 2.05a

Amperecomputing ≫ Ampere Altra Max Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.381

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://amperecomputing.com/products/security-bulletins/retbleed.html

Vendor Advisory

https://developer.arm.com/documentation/ka005138/1-0/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-37459

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-37459

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-37459

EUVD