CVE-2022-37459
HIGH
Ampere Altra and Altra Max Firmware - Return Address Prediction Hijack via Retbleed Side-Channel
Title source: llm
Description
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://amperecomputing.com/products/security-bulletins/retbleed.html
Third Party Advisory x_refsource_misc
https://developer.arm.com/documentation/ka005138/1-0/
Scores
CVSS v3
7.8
EPSS
0.0021
EPSS Percentile
11.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-203
Status
published
Products (2)
amperecomputing/ampere_altra_firmware
< 1.08g
amperecomputing/ampere_altra_max_firmware
< 2.05a
Published
Aug 17, 2022
Tracked Since
Feb 18, 2026