CVE-2022-35888 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-35888 PUBLISHED CVSS 6.5 MEDIUM

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.

EPSS 0.40% · 60.5th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Score

0.40%

60.5th percentile

Affected Products

Vendor	Product	Versions
amperecomputing	ampere_altra_max_firmware	0
amperecomputing	ampereone_firmware	0
n/a	n/a	n/a
amperecomputing	ampere_altra_firmware	0

Timeline

Sep 29, 2022 EPSS Score
Sep 29, 2022 CVE Published
Nov 12, 2022 EPSS Score
Dec 26, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 23, 2023 EPSS Score
May 6, 2023 EPSS Score
Jun 19, 2023 EPSS Score
Aug 2, 2023 EPSS Score
Sep 15, 2023 EPSS Score
Oct 29, 2023 EPSS Score

References

Open in Interactive Console →