CVE-2022-32295
First published: Thu Jun 30 2022(Updated: )
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Amperecomputing Ampere Altra Firmware | <1.09 | |
| Amperecomputing Ampere Altra | ||
| Amperecomputing Ampere Altra Max Firmware | <1.09 | |
| Amperecomputing Ampere Altra Max |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-32295?
The severity of CVE-2022-32295 is critical.
Which devices are affected by CVE-2022-32295?
Ampere Altra and AltraMax devices before SRP 1.09 are affected by CVE-2022-32295.
What is the vulnerability in CVE-2022-32295?
The vulnerability in CVE-2022-32295 allows insecure access to SPI-NOR by the OS/hypervisor component on Ampere Altra and AltraMax devices before SRP 1.09.
How can I fix CVE-2022-32295?
Click on the link to the Ampere Computing website for information on the Altra SPI-NOR SMC protection update.
Where can I find more information about CVE-2022-32295?
You can find more information about CVE-2022-32295 on the Ampere Computing website and the security bulletins section.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/amperecomputing
- canonical/amperecomputing ampere altra firmware
- canonical/amperecomputing ampere altra
- canonical/amperecomputing ampere altra max firmware
- canonical/amperecomputing ampere altra max