CVE-2024-36349 — Exposure of Sensitive Information during Transient Execution in AMD Athlon 3000 Series Desktop Processors With Radeon Graphics

CWE-1420 — Exposure of Sensitive Information during Transient Execution5 documents5 sources

Severity

3.8LOWNVD

EPSS

0.0%

top 92.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Athlon 3000 Series Desktop Processors With Radeon Graphics AMD Athlon 3000 Series Mobile Processors With Radeon Graphics AMD Epyc 4004 Series Processors +35 more

Timeline

PublishedJul 8

Description

A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 2.0 | Impact: 1.4

Affected Packages38 packages

▶CVEListV5amd/amd_ryzen_threadripper_3000_series_processorsall

▶CVEListV5amd/amd_ryzen_threadripper_pro_3000wx_series_processorsall

▶CVEListV5amd/amd_ryzen_threadripper_pro_7000_wx-series_processorsall

▶CVEListV5amd/amd_ryzen_threadripper_pro_5000wx_series_desktop_processorsall

▶CVEListV5amd/amd_epyc_4004_series_processorsall

🔴Vulnerability Details

CVEList

CVE-2024-36349: A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially re↗2025-07-08

▶

GHSA

GHSA-cwf5-jffj-j5wx: A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially re↗2025-07-08

▶

OSV

CVE-2024-36349: A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially re↗2025-07-08

▶

📋Vendor Advisories

Debian

CVE-2024-36349: amd64-microcode - A transient execution vulnerability in some AMD processors may allow a user proc...↗2024

▶