ГлавнаяУязвимости → CVE-2025-62864
9.8критическая

CVE-2025-62864

Описание

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context.

Затрагиваемое ПО
Amperecomputing Ampereone a192-32m firmwareAmperecomputing Ampereone a192-32mAmperecomputing Ampereone a192-26m firmwareAmperecomputing Ampereone a192-26mAmperecomputing Ampereone a160-28m firmwareAmperecomputing Ampereone a160-28mAmperecomputing Ampereone a144-33m firmwareAmperecomputing Ampereone a144-33mAmperecomputing Ampereone a144-26m firmwareAmperecomputing Ampereone a144-26mAmperecomputing Ampereone a96-36m firmwareAmperecomputing Ampereone a96-36mAmperecomputing Ampereone a96-36x firmwareAmperecomputing Ampereone a96-36xAmperecomputing Ampereone a128-34x firmwareAmperecomputing Ampereone a128-34xAmperecomputing Ampereone a144-24x firmwareAmperecomputing Ampereone a144-24xAmperecomputing Ampereone a144-27x firmwareAmperecomputing Ampereone a144-27xAmperecomputing Ampereone a160-28x firmwareAmperecomputing Ampereone a160-28xAmperecomputing Ampereone a192-26x firmwareAmperecomputing Ampereone a192-26xAmperecomputing Ampereone a192-32x firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://amperecomputing.com/products/product-securityhttps://amperecomputing.com/products/security-bulletins/amp-sb-0007