VYPR
Vendor

Ampere

Products
3
CVEs
9
Across products
11
Status
Private

Products

3

Recent CVEs

9
  • CVE-2025-62862Dec 16, 2025
    risk 0.00cvss epss 0.00

    Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0…

  • CVE-2025-62863Dec 16, 2025
    risk 0.00cvss epss 0.00

    Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM PCIe driver that could result in an out-of-bounds write within PCIe driver’s S-EL0 address space.

  • CVE-2025-62864Dec 16, 2025
    risk 0.00cvss epss 0.00

    Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition…

  • CVE-2023-3006May 31, 2023
    risk 0.00cvss epss 0.00

    A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History…

  • CVE-2022-46892Feb 15, 2023
    risk 0.00cvss epss 0.01

    In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.

  • CVE-2022-35888Sep 29, 2022
    risk 0.00cvss epss 0.01

    Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.

  • CVE-2022-37459Aug 17, 2022
    risk 0.00cvss epss 0.00

    Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

  • CVE-2021-45454Aug 17, 2022
    risk 0.00cvss epss 0.01

    Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 allow information disclosure of power telemetry via HWmon.

  • CVE-2022-32295Jun 30, 2022
    risk 0.00cvss epss 0.01

    On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.