MidnightBSD

Advisories for amperecomputing

CVE-2021-45454

Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 allow information disclosure of power telemetry via HWmon.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
amperecomputing ampere_altra_max_firmware *
amperecomputing ampere_altra_firmware *
CVE-2022-25368 LOW

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arm cortex-a73_firmware -
arm cortex-a76_firmware -
arm neoverse_n1_firmware -
arm cortex-a76ae_firmware -
arm cortex-x2_firmware -
arm neoverse-v1_firmware -
arm cortex-a710_firmware -
arm neoverse_n2_firmware -
arm cortex-x1_firmware -
arm cortex-a78_firmware -
arm cortex-a15_firmware -
arm cortex-a78c_firmware -
arm cortex-a72_firmware -
arm cortex-a75_firmware -
arm cortex-a78ae_firmware -
arm neoverse-e1_firmware -
amperecomputing ampere_altra_firmware -
amperecomputing ampere_altra_max_firmware -
arm cortex-a77_firmware -
arm cortex-a65_firmware -
arm cortex-a65ae_firmware -
arm cortex-a57_firmware -
CVE-2022-32295 HIGH

On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
amperecomputing ampere_altra_max_firmware *
amperecomputing ampere_altra_firmware *
CVE-2022-35888

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
amperecomputing ampereone_firmware *
amperecomputing ampere_altra_max_firmware *
amperecomputing ampere_altra_firmware *
CVE-2022-37459

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
amperecomputing ampere_altra_max_firmware *
amperecomputing ampere_altra_firmware *
CVE-2022-46892

In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
amperecomputing ampere_altra_max_firmware *
amperecomputing ampere_altra_firmware *
CVE-2025-62862

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager.

Products Affected

Vendor Product Version
amperecomputing ampereone_a192-32m_firmware *
amperecomputing ampereone_a96-36m_firmware *
amperecomputing ampereone_a192-26m_firmware *
amperecomputing ampereone_a160-28m_firmware *
amperecomputing ampereone_a144-27x_firmware *
amperecomputing ampereone_a144-33m_firmware *
amperecomputing ampereone_a144-26m_firmware *
amperecomputing ampereone_a192-32x_firmware *
amperecomputing ampereone_a160-28x_firmware *
amperecomputing ampereone_a128-34x_firmware *
amperecomputing ampereone_a192-26x_firmware *
amperecomputing ampereone_a144-24x_firmware *
amperecomputing ampereone_a96-36x_firmware *
CVE-2025-62863

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM PCIe driver that could result in an out-of-bounds write within PCIe driver’s S-EL0 address space.

Products Affected

Vendor Product Version
amperecomputing ampereone_a192-32m_firmware *
amperecomputing ampereone_a96-36m_firmware *
amperecomputing ampereone_a192-26m_firmware *
amperecomputing ampereone_a160-28m_firmware *
amperecomputing ampereone_a144-27x_firmware *
amperecomputing ampereone_a144-33m_firmware *
amperecomputing ampereone_a144-26m_firmware *
amperecomputing ampereone_a192-32x_firmware *
amperecomputing ampereone_a160-28x_firmware *
amperecomputing ampereone_a128-34x_firmware *
amperecomputing ampereone_a192-26x_firmware *
amperecomputing ampereone_a144-24x_firmware *
amperecomputing ampereone_a96-36x_firmware *
CVE-2025-62864

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context.

Products Affected

Vendor Product Version
amperecomputing ampereone_a192-32m_firmware *
amperecomputing ampereone_a96-36m_firmware *
amperecomputing ampereone_a192-26m_firmware *
amperecomputing ampereone_a160-28m_firmware *
amperecomputing ampereone_a144-27x_firmware *
amperecomputing ampereone_a144-33m_firmware *
amperecomputing ampereone_a144-26m_firmware *
amperecomputing ampereone_a192-32x_firmware *
amperecomputing ampereone_a160-28x_firmware *
amperecomputing ampereone_a128-34x_firmware *
amperecomputing ampereone_a192-26x_firmware *
amperecomputing ampereone_a144-24x_firmware *
amperecomputing ampereone_a96-36x_firmware *