CVE-2024-36350Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution in Amd64-microcode

CWE-1421Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient ExecutionCWE-99Resource Injection52 documents9 sources
Severity
5.6MEDIUMNVD
OSV3.2
EPSS
0.0%
top 90.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
22
Linux KernelXENDebian Amd64-microcode+19 more
Timeline
PublishedJul 8
Latest updateMar 25

Description

A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages23 packages

debiandebian/xen< amd64-microcode 3.20251202.1 (forky)
debiandebian/linux< amd64-microcode 3.20251202.1 (forky)
debiandebian/linux-6.1< amd64-microcode 3.20251202.1 (forky)
debiandebian/amd64-microcode< amd64-microcode 3.20251202.1 (forky)
Debianxen/xen< 4.17.5+72-g01140da4e8-1+2

🔴Vulnerability Details

24
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure-fips vulnerabilities2026-03-04
OSV
linux-azure vulnerabilities2026-03-04
OSV
linux-ibm, linux-ibm-6.8 vulnerabilities2026-02-24
OSV
linux-xilinx vulnerabilities2026-02-24

📋Vendor Advisories

24
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-04
Ubuntu
Linux kernel (Xilinx) vulnerabilities2026-02-24
Ubuntu
Linux kernel (IBM) vulnerabilities2026-02-24

🕵️Threat Intelligence

2
Qualys
Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review | Qualys2025-07-08
Qualys
Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review2025-07-08

📄Research Papers

1
arXiv
Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks2025-07-08