Vulnerability Details : CVE-2022-35888
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.
Products affected by CVE-2022-35888
- cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:amperecomputing:ampereone_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-35888
- 0.15%: probability of exploitation activity in the next 30 days
- ~50%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-35888
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2022-35888
- The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-35888
- https://amperecomputing.com/products/security-bulletins/hertzbleed.html
  Hertzbleed (Vendor Advisory)
- https://developer.arm.com/documentation/ka005111/1-0/?lang=en
  Can Arm CPUs be affected by power analysis side-channel attacks? (Technical Description; Third Party Advisory)