CVE-2022-37459
Summary
| CVE | CVE-2022-37459 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-17 13:15:00 UTC |
| Updated | 2022-08-18 19:29:00 UTC |
| Description | Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue. |
Risk And Classification
Problem Types: CWE-203
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Amperecomputing | Ampere Altra | - | All | All | All |
| Operating System | Amperecomputing | Ampere Altra Firmware | All | All | All | All |
| Hardware | Amperecomputing | Ampere Altra Max | - | All | All | All |
| Operating System | Amperecomputing | Ampere Altra Max Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Documentation – Arm Developer | MISC | developer.arm.com | |
| Retbleed | MISC | amperecomputing.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.