Vulnerabilities > CVE-2022-35888 - Information Exposure Through Discrepancy vulnerability in Amperecomputing products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

amperecomputing

CWE-203

NVD

Published: 2022-09-29

Updated: 2022-10-03

Summary

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.

Vulnerable Configurations

Part	Description	Count
OS	Amperecomputing Amperecomputing Ampere Altra MAX Firmware - Amperecomputing Ampere Altra Firmware - Amperecomputing Ampereone Firmware *	3
Hardware	Amperecomputing Amperecomputing Ampere Altra MAX - Amperecomputing Ampere Altra - Amperecomputing Ampereone -	3

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References