CVE-2025-62862
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-16

Last updated on: 2025-12-17

Assigner: MITRE

Description
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM Boot Error Record Table driver that could result in (1) an out-of-bounds read which leaks Secure-EL0 information to a process running in Non-Secure state or (2) an out-of-bounds write which corrupts Secure or Non-Secure memory, limited to memory mapped to UEFI-MM Secure Partition by the Secure Partition Manager.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-17
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62862
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
ampere ampereone_ac03 3.5.9.3
ampere ampereone_ac04 4.4.5.2
ampere ampereone_m 5.4.5.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves an incorrectly formed Secure Monitor Call (SMC) to the UEFI-MM Boot Error Record Table driver on certain AmpereOne devices. It can cause either an out-of-bounds read, which leaks Secure-EL0 information to a process running in the Non-Secure state, or an out-of-bounds write, which can corrupt Secure or Non-Secure memory mapped to the UEFI-MM Secure Partition. The Secure Partition is designed for integrity rather than confidentiality, and the vulnerability affects the architectural separation between Secure and Non-Secure worlds. [2]

Impact Analysis

The out-of-bounds read could leak Secure-EL0 information to Non-Secure processes, though the confidentiality impact is negligible since no secrets or user data are processed in the UEFI-MM Secure Partition. The out-of-bounds write can corrupt Secure or Non-Secure memory, potentially leading to system hangs or privilege escalation. Overall, this could impact system stability and security by allowing local attackers with high privileges to escalate privileges or cause denial of service. [2]

Mitigation Strategies

Users should update their AmpereOne AC03 devices to version 3.5.9.3 or newer, AC04 devices to version 4.4.5.2 or newer, and AmpereOne M devices to version 5.4.5.1 or newer. Applying these updates will mitigate the vulnerability by fixing the incorrectly formed Secure Monitor Call (SMC) handling in the UEFI-MM Boot Error Record Table driver. [2]

Compliance Impact

The vulnerability involves leaking Secure-EL0 information to a Non-Secure process and potential memory corruption, but the confidentiality impact is negligible since no secrets or user data are processed in the UEFI-MM Secure Partition. Therefore, it is unlikely to directly affect compliance with standards like GDPR or HIPAA, which focus on protecting personal and sensitive data confidentiality. However, the potential for privilege escalation and system instability could indirectly impact compliance if exploited to gain unauthorized access or disrupt system operations. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62862. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart