CVE-2022-35888
MEDIUMAmpere Altra/Ampere Altra Max <2022-07-15 - Info Disclosure
Title source: llmDescription
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://amperecomputing.com/products/security-bulletins/hertzbleed.html
Technical Description, Third Party Advisory x_refsource_misc
https://developer.arm.com/documentation/ka005111/1-0/?lang=en
Scores
CVSS v3
6.5
EPSS
0.0057
EPSS Percentile
42.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-203
Status
published
Products (3)
amperecomputing/ampere_altra_firmware
< 2022-07-15
amperecomputing/ampere_altra_max_firmware
< 2022-07-15
amperecomputing/ampereone_firmware
< 2022-07-15
Published
Sep 29, 2022
Tracked Since
Feb 18, 2026