ByteOS Network

NVD Vulnerability Details :

CVE-2025-62862

Analyzed

Source-cve@mitre.org

Published At-16 Dec, 2025 | 17:16

Updated At-31 Dec, 2025 | 00:28

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.6	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L

CPE Matches

amperecomputing>>ampereone_a192-32m_firmware>>Versions before 5.4.5.1(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a192-32m_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a192-32m>>-

cpe:2.3:h:amperecomputing:ampereone_a192-32m:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a192-26m_firmware>>Versions before 5.4.5.1(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a192-26m_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a192-26m>>-

cpe:2.3:h:amperecomputing:ampereone_a192-26m:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a160-28m_firmware>>Versions before 5.4.5.1(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a160-28m_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a160-28m>>-

cpe:2.3:h:amperecomputing:ampereone_a160-28m:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a144-33m_firmware>>Versions before 5.4.5.1(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a144-33m_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a144-33m>>-

cpe:2.3:h:amperecomputing:ampereone_a144-33m:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a144-26m_firmware>>Versions before 5.4.5.1(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a144-26m_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a144-26m>>-

cpe:2.3:h:amperecomputing:ampereone_a144-26m:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a96-36m_firmware>>Versions before 5.4.5.1(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a96-36m_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a96-36m>>-

cpe:2.3:h:amperecomputing:ampereone_a96-36m:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a96-36x_firmware>>Versions before 4.4.5.2(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a96-36x_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a96-36x>>-

cpe:2.3:h:amperecomputing:ampereone_a96-36x:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a128-34x_firmware>>Versions before 4.4.5.2(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a128-34x_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a128-34x>>-

cpe:2.3:h:amperecomputing:ampereone_a128-34x:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a144-24x_firmware>>Versions before 4.4.5.2(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a144-24x_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a144-24x>>-

cpe:2.3:h:amperecomputing:ampereone_a144-24x:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a144-27x_firmware>>Versions before 4.4.5.2(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a144-27x_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a144-27x>>-

cpe:2.3:h:amperecomputing:ampereone_a144-27x:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a160-28x_firmware>>Versions before 4.4.5.2(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a160-28x_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a160-28x>>-

cpe:2.3:h:amperecomputing:ampereone_a160-28x:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a192-26x_firmware>>Versions before 4.4.5.2(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a192-26x_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a192-26x>>-

cpe:2.3:h:amperecomputing:ampereone_a192-26x:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a192-26x_firmware>>Versions before 3.5.9.3(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a192-26x_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a192-26x>>-

cpe:2.3:h:amperecomputing:ampereone_a192-26x:-:*:*:*:*:*:*:*

amperecomputing>>ampereone_a192-32x_firmware>>Versions before 3.5.9.3(exclusive)

cpe:2.3:o:amperecomputing:ampereone_a192-32x_firmware:*:*:*:*:*:*:*:*

amperecomputing>>ampereone_a192-32x>>-

cpe:2.3:h:amperecomputing:ampereone_a192-32x:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-125	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-787	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-125

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-787

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://amperecomputing.com/products/product-security	cve@mitre.org	Vendor Advisory
https://amperecomputing.com/products/security-bulletins/amp-sb-0007	cve@mitre.org	Vendor Advisory

Hyperlink: https://amperecomputing.com/products/product-security

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://amperecomputing.com/products/security-bulletins/amp-sb-0007

Source: cve@mitre.org

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History