Ampere AmpereOne AC03
Moderate fix3 remedies
cpe:2.3:o:amperecomputing:ampereone_firmware:*:*:*:*:*:*:*
Moderate fix3 remedies
- < 3.5.9.3
- < 4.4.5.2
- < 5.4.5.1
Ampere AmpereOne UEFI-MM PCIe Driver Buffer Overflow Vulnerability
Vulnerability
Patched
A buffer overflow vulnerability has been identified in the UEFI-MM PCIe driver of Ampere AmpereOne AC03 devices prior to 3.5.9.3, AmpereOne AC04 devices prior to 4.4.5.2, and AmpereOne M devices prior to 5.4.5.1. The vulnerability arises from an incorrectly formed SMC call that allows for an out-of-bounds write within the PCIe driver's Secure EL0 address space.
Impact
Exploitation of this vulnerability leads to a buffer overflow, allowing for an out-of-bounds write that could corrupt memory. This memory corruption is limited to areas mapped to the UEFI-MM Secure Partition by the Secure Partition Manager, potentially causing a system hang or privilege escalation.
Remediation
Users are advised to update to AmpereOne AC03 version 3.5.9.3 or newer, AmpereOne AC04 version 4.4.5.2 or newer, or AmpereOne M version 5.4.5.1 or newer.
Added: Dec 16, 2025, 7:13 PM
Updated: Dec 16, 2025, 7:13 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
5.0exploitability
2.8remediation
7.7relevance
1.4threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.