Vulnerabilities > Amperecomputing > Ampere Altra MAX Firmware > 2.05

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-15	CVE-2022-46892	Unspecified vulnerability in Amperecomputing Ampere Altra Firmware and Ampere Altra MAX Firmware In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex. network low complexity amperecomputing critical	9.8
2022-09-29	CVE-2022-35888	Information Exposure Through Discrepancy vulnerability in Amperecomputing products Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system. network low complexity amperecomputing CWE-203	6.5
2022-08-17	CVE-2022-37459	Information Exposure Through Discrepancy vulnerability in Amperecomputing Ampere Altra Firmware and Ampere Altra MAX Firmware Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue. local low complexity amperecomputing CWE-203	7.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.