The Ampere Security Team proactively searches for and responds to all reported security vulnerabilities on all our products. We are committed to rapidly mitigating security vulnerabilities affecting our products and providing clear guidance to the security community, customers, partners, and end users on the solution, impact, severity and mitigation of any issues.
Product Security Bulletins are listed below. Click on the Title link in the table to view more details.
|Bulletin ID||Title||CVES||Published Date||Last Updated|
|AMP-SB-0001||Impact of Spectre BHB on Ampere||CVE-2022-25368||3/8/2022||3/8/2022|
|AMP-SB-0002||Altra SPI-NOR SMC||CVE-2022-32295||6/29/2022||6/29/2022|
If you have discovered a potential security vulnerability in an Ampere product, please contact the Ampere Security Team at email@example.com. Please include the following details:
For non-product related security vulnerabilities, please email us at BugBounty@amperecomputing.com
Ampere treats all security vulnerability information as extremely sensitive and we recommend that all security vulnerability reports sent to Ampere be encrypted using the Ampere PGP key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
Ampere publishes all security information regarding security vulnerabilities in Ampere products, including any fixes, workarounds or other actions at the Ampere Product Security Center. Ampere also publishes mitigated vulnerabilities to public bug databases such as CVE .
All security vulnerabilities in Ampere products are actively managed through a well-defined process in compliance with the best practices per CVE.org to follow industry standards. The time to mitigate a vulnerability varies based on the scope of the issue.
The process follows these steps:
All data and information contained in or disclosed by this document are for informational purposes only and are subject to change.
This page may contain technical inaccuracies, omissions and typographical errors, and Ampere® Computing LLC, and its affiliates (“Ampere®”), is under no obligation to update or otherwise correct this information. Ampere® makes no representations or warranties of any kind, including express or implied guarantees of noninfringement, merchantability or fitness for a particular purpose, regarding the information contained in this document and assumes no liability of any kind. Ampere® is not responsible for any errors or omissions in this information or for the results obtained from the use of this information. All information in this presentation is provided “as is”, with no guarantee of completeness, accuracy, or timeliness.
This page is not an offer or a binding commitment by Ampere®. Use of the products and services contemplated herein requires the subsequent negotiation and execution of a definitive agreement or is subject to Ampere’s Terms and Conditions for the Sale of Goods.
This document is not to be used, copied, or reproduced in its entirety, or presented to others without the express written permission of Ampere®.
The technical data contained herein may be subject to U.S. and international export, re-export, or transfer laws, including “deemed export” laws. Use of these materials contrary to U.S. and international law is strictly prohibited.
©2022 Ampere® Computing LLC. All rights reserved. Ampere®, Ampere® Computing, Altra and the Ampere® logo are all trademarks of Ampere® Computing LLC or its affiliates. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.