Retbleed: Side-Channel Attack Exploiting Return Address Predictions in Ampere Altra Devices

Retbleed: Side-Channel Attack Exploiting Return Address Predictions in Ampere Altra Devices

CVE-2022-37459 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

Learn more about our Web Application Penetration Testing UK.