Ampere Computing Logo
Ampere Computing Logo
Hero background image

Product Security

Overview

The Ampere Security Team proactively searches for and responds to all reported security vulnerabilities on all our products. We are committed to rapidly mitigating security vulnerabilities affecting our products and providing clear guidance to the security community, customers, partners, and end users on the solution, impact, severity and mitigation of any issues.

Security Bulletins

Product Security Bulletins are listed below. Click on the Title link in the table to view more details.


Bulletin IDTitleImpacted ProductsCVESLast Updated
AMP-SB-0001 Impact of Spectre BHBAltra®, Altra®Max, AmpereOneCVE-2022-253686/16/2023
AMP-SB-0002SPI-NOR SMCAltra, Altra MaxCVE-2022-322956/29/2022
AMP_SB_0003PlatypusAltra, Altra MaxCVE-2021-454548/11/2022
AMP-SB-0004Retbleed Altra, Altra MaxCVE-2022-374598/11/2022
AMP-SB-0005Hertzbleed Altra, Altra MaxCVE-2022-358888/11/2022
AMP-SB-0006Root Complex OS Re-Enable Altra, Altra MaxCVE-2022-468922/14/2023

Reporting a Potential Security Vulnerability

If you have discovered a potential security vulnerability in an Ampere product, please contact the Ampere Security Team at psirt@amperecomputing.com. Please include the following details:

  • The product(s) and version(s) affected
  • Detailed description of the vulnerability including steps necessary to replicate the issue
  • Known exploits

For non-product related security vulnerabilities, please email us at BugBounty@amperecomputing.com

Ampere treats all security vulnerability information as extremely sensitive and we recommend that all security vulnerability reports sent to Ampere be encrypted using the Ampere PGP key:


-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGJZrawBEACxcBCz2vHJAZUEf7adgRAdu7EjvGhcrPcPfuwd0Idtb93U+njgtsV6Lk3dN6GLnNI/zimRjE3yalXplkvN4Ow4fk05lYpXo1Yx8RuXJjEwjdGl7yS2nP3apIPifXo8/7OxEhtTrh5F3nz9KcYF8iImjqvCPRpwWybEEgHm5Dj/QRwA5Kp/NIMADIaOvlhs8HFu2dAx7sRCqQ/VzCnlf516FpONQ4XQylkN7pI0Brj7RQ9W7LvTlZj38xGTxRiJhMDoasLyuNxcOk6jmcwqHeC0dGAfYzLMXdfbZnRn3KTTZw0rRHJxovW8AfvHZ9sAeAm1DMxx8wphdGAmXghGX44YRLEaRiIpSIQJTlHQa4Pm2Rkb+eDENbkj9nO5Pqo4hFfINE37NMXRa68ozY6dd0JLIxUP4KvorS3XjIH4OWQsZTzoPU5M0AqzEj8662WmJCJb2GP6Wy0QGoABmW4OpLNewMNoI9P2nomPZTqXds+95LCkaPDKmI+RGD1S7w6skjiDsFrdkRznxqgGrY2Tn7AoUXOEGgi+UZAYlhQdiqZP0uc/W/VQVYSNeQle1eNJX3vMMPn7mHa2IWC7/hT8Am9I3+89zNEWT3363fbos1jdPGX/oMnzqrawcfCn98Eo/YF8LELVY71gA2MUbNjz2I4kPXohWk7mNtnOMSLpq5XmQwARAQABtEVBbXBlcmUgUHJvZHVjdCBTZWN1cml0eSBOb3RpZmljYXRpb24gPGl0c2VydmljZXNAYW1wZXJlY29tcHV0aW5nLmNvbT6JAlQEEwEIAD4WIQQajFFi4fqe0ftZRt/AwuzeyW0GawUCYlmtrAIbAwUJEs/xXgULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDAwuzeyW0GawCID/9ki6l9RJaMJMq00OMO4J3CefpPcONTm6RMKmgKVvNQJ3bX9p/PLz3vATisfWgyhVQKrNuvVENelAR8s6YzaE1gnyybcWyRRk55v+NjfmkneYf3m7zL83vNYOtg/88ZWYf16EuK/Ln3v4Ok9jpND8bg5pvZ4XLT4h7FcvZo42+PX0Nvcirp1i9IE8I8IOB/Um3EA9MesAbdaa2DtMN/IFGqBL6/PuRwxyScjMhq6GY3bPjhpKTrCwixu6HIAcHksAwCw7kYX4rXGn00ISdjY1nXd11z1LDT5D3aCTU9XGGqEyzHFy0HQvmhX/yFi/kNnB+9MAZW+20ecnroBK2qruexhP2OfPTAR8ly1LH7WiTw5g7aFoC8vHyipN8Sslw4MhLDxpNlgoDf72+BIA5ybAUXAPiBgqrNRdQgvGP5WlRYb4sQxgQ3/KrzUZqLC0z38k+GntyZQqFF820LECmLgVlMZUMtvF2AGu4w3lc1+qYP/Zik4+RKjvNOFziS1KYPWXQO7Qhza62GC116ZnXfsxI9vF9crZgvcjwJrFQUMiHYyIpgPnIjuFxFla1sIoQgT0zdVo2ZfnWbL+R/qktobF+8dmniR+4yDnEiZip44hXHF7/6y8IKgRtsCVYZ0VPwLz0bCUS6s1fzBkvJPWvrF9EEiNi9D1qOBV2f3MfoJVrULrkCDQRiWa2sARAAwGh6WiI8EmvNKnqMNuHHZMwCMd+7tCbaxzif6bpXOD620CMorZD5noRm3Q64IR7pKw7aogWaAM3bfvU5O/NlFqSF7Ve9yuOI9EM/4/tNTOeAXl0CjnKbQNNlldZ5XixwPeSY3ROj0tSBnrSkXm8Cv9RcAeSnyezulpIhaW4/QTWu5ZJvi8YEbsq6A3oF48LO4JmNG5n3vuGnRKHvAv1g7iYpmirNTXpHPq9AF1QFuDC+OIVTX0fNd3Uj1XAKyxQh6R9577HLlWWOBiDsaa2LAU1HHJtJ35Tx9AWa67aSsezDeOhPaahc35ZxKKl2G2pilIpGYZt0O7qdhZO1GgF9cZ/oUeEK32Q/qC+M1sBuqMVzej2jiWioVnFd4pHb7kKf932qD2ULF6r2Y8weEdu4I4rXwdWk6RjkFfFKrzOe3QE12JSKJIQmmebCpWYPihEoOX7KdQFllozTIHFM8ta7/Cw617ZFQWuLMo3wZHnCb4XTSWo9WX5Joit7udRfYblsWXPAwJIu3kVks984AGljTgdgs0Y0HyuI+0Ju4ZURZNXTgXUlsC+VoOYQKODrW+ocN9u6VAr4IfjJ0emOUtI+671mQi/U/naUQiUk9CpPaDHL7FPgli1DlJxEIO0ML2oqpT7o9GfscUkVxGeQZSJT1CvbHaG/uD7+GZ0GYfQQZLMAEQEAAYkCPAQYAQgAJhYhBBqMUWLh+p7R+1lG38DC7N7JbQZrBQJiWa2sAhsMBQkSz/FeAAoJEMDC7N7JbQZr3y0QAIn46WkC3B5oGZ5RvQ93ioIZG6wAEugy17ATzbp7lvUKz1Kbfm3crrj6gjNdkTPS2xJ2xpRzSXsNi7Cn8ByJ2ISlPNi6Nf/oR6Xbw9+5/QoGpGInHv36v4MeZIegq18+J2xTLskwaLyxWIanuedgtLvGhIgZZkeUOOTT6LqB7V2uYiwvosWtM+LSYBvOGYpRFHsyH/DZFF3HBKbP8Nmie8vszKDs89Yuwy91pOSxt+9ojov4nsiEcuy8lod+LWpxKASbxWTzXdEi2GQuyi+5BIXKO0mvfoo04yUV3HWdWTQy6rCqZYl33RD9MxPonT1uFXL4IE2WmKY+CA7c98Ov9RLtxxemOs1UCPtATYX8IgusoDR3UBqbpNG8OWN8bBitu0514QKmzoHkE5M+jdU9dNvC0irLahReqlaFZO/Ktc4WpLe04AmVjhzVsI8JmedrOGdT7NUbhxXBHTGTyOUKSaVGlht1oDrBxDJb9CnhKYlSvCG2M752ARvgSjif+6DUhu5B+URBY3b0ktR75UYKKxjd2uggwvtR53TUK4lZgOszwq7vPY0LFmPDwdCOr3P74891eqgGIAlMaduCrOHYKDhj/k/EIe2E68nsNgRxvV66m0j9fTmixyXN6LlRfR5XfRggxWJbFSEEy1ZRzp0R227clcJ6Y7u0QAmyxfLZJK6s=ub9j


-----END PGP PUBLIC KEY BLOCK-----


Software and instructions to encrypt messages may be obtained from: OenPGP or GnuPGP

Publication of Security Information

Ampere publishes all security information regarding security vulnerabilities in Ampere products, including any fixes, workarounds or other actions at the Ampere Product Security Center. Ampere also publishes mitigated vulnerabilities to public bug databases such as CVE .

Vulnerability Handling Process

All security vulnerabilities in Ampere products are actively managed through a well-defined process in compliance with the best practices per CVE.org to follow industry standards. The time to mitigate a vulnerability varies based on the scope of the issue.


The process follows these steps:

  • Discovery: The process begins when the Ampere Security Team becomes aware of a potential security vulnerability in an Ampere product. The reporter receives an acknowledgement and updates throughout the process.
  • Evaluation: The Ampere Security Team confirms the potential vulnerability, assesses the risk, determines the impact, and scores the issue using CVSS.
  • Mitigation: The Ampere Security Team works with the product team and partners to develop a solution that mitigates the security vulnerability. In cases where a vulnerability is being actively exploited, Ampere may deliver a temporary solution to contain the issue while working on the complete solution.
  • Communication: The Ampere Security Team publishes a security advisory at Ampere Product Security Center for fixed issues. Ampere Computing communicates with customers through a variety of methods. Ampere will acknowledge the reporter in the advisory if requested.

DISCLAIMER

Ampere Computing reserves the right to change or discontinue this product without notice.

While the information contained herein is believed to be accurate, such information is preliminary and should not be relied upon for accuracy or completeness, and no representations or warranties of accuracy or completeness are made.

The information contained in this document is subject to change or withdrawal at any time without notice and is being provided on an “AS IS” basis without warranty or indemnity of any kind, whether express or implied, including without limitation, the implied warranties of non-infringement, merchantability, or fitness for a particular purpose.

Any products, services, or programs discussed in this document are sold or licensed under Ampere Computing’s standard terms and conditions, copies of which may be obtained from your local Ampere Computing representative. Nothing in this document shall operate as an express or implied license or indemnity under the intellectual property rights of Ampere Computing or third parties.

Without limiting the generality of the foregoing, any performance data contained in this document was determined in a specific or controlled environment and not submitted to any formal Ampere Computing test. Therefore, the results obtained in other operating environments may vary significantly. Under no circumstances will Ampere Computing be liable for any damages whatsoever arising out of or resulting from any use of the document or the information contained herein.

Ampere is not responsible for any losses or damages of any kind incurred because of using or relying on this information. Each purchaser, consignee or user of Ampere products is solely responsible for its compliance with all applicable laws and regulations.

Ampere Computing reserves the right to make changes to its products, its datasheets, or related documentation, without notice and warrants its products solely pursuant to its terms and conditions of sale, only to comply with the latest available datasheet.

©2025 Ampere Computing LLC. All Rights Reserved. Ampere, Ampere Computing, AmpereOne and the Ampere logo are all registered trademarks or trademarks of Ampere Computing LLC or its affiliates. Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

Created At : September 18th 2023, 5:11:48 am
Last Updated At : July 29th 2025, 9:13:20 pm
Ampere Logo

Ampere Computing LLC

4655 Great America Parkway Suite 601

Santa Clara, CA 95054

image
image
image
image
image
 |  |  | 
© 2025 Ampere Computing LLC. All rights reserved. Ampere, Altra and the A and Ampere logos are registered trademarks or trademarks of Ampere Computing.
This site runs on Ampere Processors.