Retbleed: Side-Channel Attack Exploiting Return Address Predictions in Ampere Altra Devices
CVE-2022-37459 · HIGH Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.
Learn more about our Web Application Penetration Testing UK.