Vulnerability Description
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amperecomputing | Ampere Altra Max Firmware | <= 2022-07-15 |
| Amperecomputing | Ampere Altra Max | - |
| Amperecomputing | Ampere Altra Firmware | <= 2022-07-15 |
| Amperecomputing | Ampere Altra | - |
| Amperecomputing | Ampereone Firmware | <= 2022-07-15 |
| Amperecomputing | Ampereone | - |
Related Weaknesses (CWE)
References
- https://amperecomputing.com/products/security-bulletins/hertzbleed.htmlVendor Advisory
- https://developer.arm.com/documentation/ka005111/1-0/?lang=enTechnical DescriptionThird Party Advisory
- https://amperecomputing.com/products/security-bulletins/hertzbleed.htmlVendor Advisory
- https://developer.arm.com/documentation/ka005111/1-0/?lang=enTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2022-35888?
CVE-2022-35888 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power c...
How severe is CVE-2022-35888?
CVE-2022-35888 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-35888?
Check the references section above for vendor advisories and patch information. Affected products include: Amperecomputing Ampere Altra Max Firmware, Amperecomputing Ampere Altra Max, Amperecomputing Ampere Altra Firmware, Amperecomputing Ampere Altra, Amperecomputing Ampereone Firmware.