GCVE - cpe:2.3:o:amperecomputing:ampere_altra

Approved changes feed: RSS · Atom

cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Amperecomputing (`77aac920-8144-5ed7-a36c-74e0ea24e95d`)
Product	Ampere Altra Firmware (`fa84bd48-1ddf-5351-94ee-6065e91b7427`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-46892`	vulnerable	2026-06-03 14:48:26.780074	Details available In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex. Published: 2023-02-15T00:00:00.000Z Updated: 2025-03-19T17:49:23.426Z Open on db.gcve.eu Reference links https://amperecomputing.com/products/security-bulletins/root-complex-OS-re-enable	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37459`	vulnerable	2026-06-03 14:47:47.418035	Details available Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue. Published: 2022-08-17T12:49:21.000Z Updated: 2024-08-03T10:29:21.026Z Open on db.gcve.eu Reference links https://amperecomputing.com/products/security-bulletins/retbleed.html https://developer.arm.com/documentation/ka005138/1-0/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-35888`	vulnerable	2026-06-03 14:47:39.037138	Details available Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system. Published: 2022-09-29T00:41:53.000Z Updated: 2025-05-20T19:55:11.567Z Open on db.gcve.eu Reference links https://amperecomputing.com/products/security-bulletins/hertzbleed.html https://developer.arm.com/documentation/ka005111/1-0/?lang=en	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-32295`	vulnerable	2026-06-03 14:47:21.276450	Details available On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. Published: 2022-06-30T23:28:16.000Z Updated: 2024-08-03T07:39:50.816Z Open on db.gcve.eu Reference links https://amperecomputing.com https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc-protection-for-ampere-website.html https://amperecomputing.com/products/security-bulletins/altra-spi-nor-smc.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-45454`	vulnerable	2026-06-03 14:45:38.053394	Details available Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon. Published: 2022-08-17T12:46:05.000Z Updated: 2024-08-04T04:39:21.058Z Open on db.gcve.eu Reference links https://amperecomputing.com/product-security/ https://amperecomputing.com/products/security-bulletins/platypus.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Ampere Altra Firmware

PURL mappings

Vulnerability references

Contribute