CVE-2025-62864
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-17
Assigner: MITRE
Description
Description
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ampere | ampereone_m | * |
| ampere | ampereone_ac04 | * |
| ampere | ampereone_ac03 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain Ampere AmpereOne devices where an incorrectly formed SMC call to the UEFI-MM MMCommunicate service can cause an out-of-bounds write within the UEFI-MM Secure Partition context.
How can this vulnerability impact me? :
The vulnerability could lead to an out-of-bounds write in the UEFI-MM Secure Partition, which may result in system instability, potential unauthorized code execution, or compromise of the secure partition's integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70