Vulnerabilities > CVE-2022-37459 - Information Exposure Through Discrepancy vulnerability in Amperecomputing Ampere Altra Firmware and Ampere Altra MAX Firmware
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 5 | |
| Hardware | 2 |