From 2d101e6988359072001f3a980933cf89a893fbf3 Mon Sep 17 00:00:00 2001
From: Brendan McDevitt <brendan@mcdevitt.tech>
Date: Fri, 20 May 2022 15:56:26 -0500
Subject: [PATCH] added ampere cna 3 example captured data potential from
 advisory

---
 doc/cna_readme_notes/cnas_with_html_advisories.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/doc/cna_readme_notes/cnas_with_html_advisories.md b/doc/cna_readme_notes/cnas_with_html_advisories.md
index 06fc4b5..f67835c 100644
--- a/doc/cna_readme_notes/cnas_with_html_advisories.md
+++ b/doc/cna_readme_notes/cnas_with_html_advisories.md
@@ -42,6 +42,21 @@ https://www.amd.com/en/corporate/product-security
 #### Advisory
 https://amperecomputing.com/products/product-security.html
 #### Captured Data Potential From Advisory
+```
+{
+  :bulletin_id => 'AMP-SB-0001',
+  :potential_impact => 'Partial loss of protected data',
+  :severity => 'Medium: CVSS score is 4.7',
+  :summary => '[CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N] 3/8/2022: Ampere investigated the potential impacts of the Spectre-BHB to Ampere products. The description of the vulnerability, published by the national vulnerability database (NVD) states: CVE-2022-25368 Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.',
+  :affected_products => 'Ampere® Altra® and Ampere® Altra® Max',
+  :recommendations => 'Ampere recommends that users of affected products update to the latest firmware version provided by the system manufacturer that addresses these issues. Ampere also recommends updating to the latest OS updates that that addresses these issues. Disable unprivileged Extended Berkeley Packet Filter (eBPF)',
+  :references => [
+    'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25368',
+    'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960',
+    'https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb'
+  ]
+}
+```
 
 ## Android
 ### Advisory