What is CVE-2022-37459?

CVE-2022-37459 is a vulnerability that allows attackers to control predictions for return addresses and potentially execute arbitrary code on Ampere Altra devices and Ampere Altra Max devices.

How can attackers exploit CVE-2022-37459?

Attackers can exploit CVE-2022-37459 using a side-channel attack known as "Retbleed" to hijack code flow and execute arbitrary code on vulnerable devices.

What is the severity of CVE-2022-37459?

CVE-2022-37459 has a severity score of 7.8, indicating a high severity.

How can I fix CVE-2022-37459?

To fix CVE-2022-37459, it is recommended to update the firmware of Ampere Altra devices to version 1.08g or later, and Ampere Altra Max devices to version 2.05a or later.

Vulnerability/
CVE-2022-37459

high

7.8

CWE

203

17/8/2022

3/8/2024

CVE-2022-37459

First published: Wed Aug 17 2022(Updated: )

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Amperecomputing Ampere Altra Firmware	<1.08g
Amperecomputing Ampere Altra
Amperecomputing Ampere Altra Max Firmware	<2.05a
Amperecomputing Ampere Altra Max

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-37459?
CVE-2022-37459 is a vulnerability that allows attackers to control predictions for return addresses and potentially execute arbitrary code on Ampere Altra devices and Ampere Altra Max devices.
How can attackers exploit CVE-2022-37459?
Attackers can exploit CVE-2022-37459 using a side-channel attack known as "Retbleed" to hijack code flow and execute arbitrary code on vulnerable devices.
Which devices are affected by CVE-2022-37459?
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a are affected by CVE-2022-37459.
What is the severity of CVE-2022-37459?
CVE-2022-37459 has a severity score of 7.8, indicating a high severity.
How can I fix CVE-2022-37459?
To fix CVE-2022-37459, it is recommended to update the firmware of Ampere Altra devices to version 1.08g or later, and Ampere Altra Max devices to version 2.05a or later.

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/description
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/amperecomputing
canonical/amperecomputing ampere altra firmware
canonical/amperecomputing ampere altra
canonical/amperecomputing ampere altra max firmware
canonical/amperecomputing ampere altra max

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.