CVE-2022-35888 — Vulnetix

CVE-2022-35888 PUBLISHED CVSS 6.5 MEDIUM

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.

EPSS 0.40% · 61.1th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Score

0.40%

61.1th percentile

Affected Products

Vendor	Product	Versions
amperecomputing	ampere_altra_max_firmware	0
amperecomputing	ampereone_firmware	0
n/a	n/a	*
amperecomputing	ampere_altra_firmware	0

Exploit Intelligence

https://amperecomputing.com/products/security-bulletins/hertzbleed.html (circl)
https://developer.arm.com/documentation/ka005111/1-0/?lang=en (circl)

Timeline

Sep 29, 2022 EPSS Score
Sep 29, 2022 CVE Published
Nov 12, 2022 EPSS Score
Dec 27, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 26, 2023 EPSS Score
May 9, 2023 EPSS Score
Jun 23, 2023 EPSS Score
Aug 6, 2023 EPSS Score
Sep 20, 2023 EPSS Score
Nov 3, 2023 EPSS Score

References

https://amperecomputing.com/products/security-bulletins/hertzbleed.html url
https://developer.arm.com/documentation/ka005111/1-0/?lang=en url
https://nvd.nist.gov/vuln/detail/CVE-2022-35888 advisory

Open in Interactive Console →