4.6
CVE-2025-62862
- EPSS 0.02%
- Veröffentlicht 16.12.2025 00:00:00
- Zuletzt bearbeitet 31.12.2025 00:28:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAmpere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Amperecomputing ≫ Ampereone A192-32m Firmware Version < 5.4.5.1
Amperecomputing ≫ Ampereone A192-26m Firmware Version < 5.4.5.1
Amperecomputing ≫ Ampereone A160-28m Firmware Version < 5.4.5.1
Amperecomputing ≫ Ampereone A144-33m Firmware Version < 5.4.5.1
Amperecomputing ≫ Ampereone A144-26m Firmware Version < 5.4.5.1
Amperecomputing ≫ Ampereone A96-36m Firmware Version < 5.4.5.1
Amperecomputing ≫ Ampereone A96-36x Firmware Version < 4.4.5.2
Amperecomputing ≫ Ampereone A128-34x Firmware Version < 4.4.5.2
Amperecomputing ≫ Ampereone A144-24x Firmware Version < 4.4.5.2
Amperecomputing ≫ Ampereone A144-27x Firmware Version < 4.4.5.2
Amperecomputing ≫ Ampereone A160-28x Firmware Version < 4.4.5.2
Amperecomputing ≫ Ampereone A192-26x Firmware Version < 4.4.5.2
Amperecomputing ≫ Ampereone A192-26x Firmware Version < 3.5.9.3
Amperecomputing ≫ Ampereone A192-32x Firmware Version < 3.5.9.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.023 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.6 | 1.5 | 2.7 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.