CVE-2024-36348 — Exposure of Sensitive Information during Transient Execution in AMD Athlon 3000 Series Desktop Processors With Radeon Graphics

CWE-1420 — Exposure of Sensitive Information during Transient Execution5 documents5 sources

Severity

3.8LOWNVD

EPSS

0.0%

top 92.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Athlon 3000 Series Desktop Processors With Radeon Graphics AMD Epyc 4004 Series Processors AMD Epyc 7002 Series Processors +29 more

Timeline

PublishedJul 8

Description

A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 2.0 | Impact: 1.4

Affected Packages32 packages

▶CVEListV5amd/amd_epyc_4004_series_processorsall

▶CVEListV5amd/amd_epyc_7002_series_processorsall

▶CVEListV5amd/amd_epyc_7003_series_processorsall

▶CVEListV5amd/amd_epyc_8004_series_processorsall

▶CVEListV5amd/amd_epyc_9004_series_processorsall

🔴Vulnerability Details

CVEList

CVE-2024-36348: A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature↗2025-07-08

▶

OSV

CVE-2024-36348: A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature↗2025-07-08

▶

GHSA

GHSA-hj5p-w9cq-q437: A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature↗2025-07-08

▶

📋Vendor Advisories

Debian

CVE-2024-36348: amd64-microcode - A transient execution vulnerability in some AMD processors may allow a user proc...↗2024

▶