Vulnerabilities > CVE-2022-32295 - Unspecified vulnerability in Amperecomputing Ampere Altra Firmware and Ampere Altra MAX Firmware
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 | |
Hardware | 2 |
References
- https://amperecomputing.com
- https://amperecomputing.com
- https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html
- https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html
- https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html
- https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html