Описание
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.
Ссылки
- Vendor Advisory
- Technical DescriptionThird Party Advisory
- Vendor Advisory
- Technical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2022-07-15 (включая)
Одновременно
cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amperecomputing:ampere_altra_max:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 2022-07-15 (включая)
Одновременно
cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amperecomputing:ampere_altra:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 2022-07-15 (включая)
Одновременно
cpe:2.3:o:amperecomputing:ampereone_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:amperecomputing:ampereone:-:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00399
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-203
CWE-203
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.
EPSS
Процентиль: 60%
0.00399
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-203
CWE-203