CVE-2022-37459

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://amperecomputing.com/products/security-bulletins/retbleed.html	Vendor Advisory
https://developer.arm.com/documentation/ka005138/1-0/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-17 13:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-37459

Mitre link : CVE-2022-37459

CVE.ORG link : CVE-2022-37459

JSON object : View

Products Affected

amperecomputing

ampere_altra
ampere_altra_max_firmware
ampere_altra_max
ampere_altra_firmware

CWE

CWE-203

Observable Discrepancy

{"id": "CVE-2022-37459", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-08-17T13:15:08.433", "references": [{"url": "https://amperecomputing.com/products/security-bulletins/retbleed.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://developer.arm.com/documentation/ka005138/1-0/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a \"Retbleed\" issue."}, {"lang": "es", "value": "Los dispositivos Ampere Altra versiones anteriores a 1.08g y los dispositivos Ampere Altra Max versiones anteriores a 2.05a, permiten a atacantes controlar las predicciones de las direcciones de retorno y potencialmente secuestrar el flujo de c\u00f3digo para ejecutar c\u00f3digo arbitrario por medio de un ataque de canal lateral, tambi\u00e9n se conoce como problema \"Retbleed\"."}], "lastModified": "2022-08-18T19:29:43.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9389458-A2CF-46C8-A7B0-F2A0C594C8CA", "versionEndExcluding": "1.08g"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "62F8E59F-D4A4-4C58-BE5E-C5C0B8E40D37"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E590AD6B-DE99-424D-B0B0-6AE7FBFB0066", "versionEndExcluding": "2.05a"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5B8623E0-29D4-4AF7-B538-995F4E871B32"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}