Overview
- Description
- Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-203
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9389458-A2CF-46C8-A7B0-F2A0C594C8CA",
"versionEndExcluding": "1.08g"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "62F8E59F-D4A4-4C58-BE5E-C5C0B8E40D37"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E590AD6B-DE99-424D-B0B0-6AE7FBFB0066",
"versionEndExcluding": "2.05a"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5B8623E0-29D4-4AF7-B538-995F4E871B32"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]