Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-35888

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.

Published

2022-09-29T01:15:08.970

Last Modified

2025-05-20T20:15:22.750

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-203
Type: Secondary
CWE-203

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	amperecomputing	ampere_altra_max_firmware	≤ 2022-07-15	Yes
Hardware	amperecomputing	ampere_altra_max	-	No
Operating System	amperecomputing	ampere_altra_firmware	≤ 2022-07-15	Yes
Hardware	amperecomputing	ampere_altra	-	No
Operating System	amperecomputing	ampereone_firmware	≤ 2022-07-15	Yes
Hardware	amperecomputing	ampereone	-	No

References

https://amperecomputing.com/products/security-bulletins/hertzbleed.html Vendor Advisory ([email protected])
https://developer.arm.com/documentation/ka005111/1-0/?lang=en Technical Description, Third Party Advisory ([email protected])
https://amperecomputing.com/products/security-bulletins/hertzbleed.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://developer.arm.com/documentation/ka005111/1-0/?lang=en Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)