CVE-2024-36357 — Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution in Amd64-microcode

CWE-1421 — Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution CWE-99 — Resource Injection50 documents8 sources

Severity

5.6MEDIUMNVD

OSV3.2

EPSS

0.0%

top 90.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel XEN Debian Amd64-microcode +19 more

Timeline

PublishedJul 8

Latest updateMar 25

Description

A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages23 packages

▶debiandebian/xen< amd64-microcode 3.20251202.1 (forky)

▶debiandebian/linux< amd64-microcode 3.20251202.1 (forky)

▶debiandebian/linux-6.1< amd64-microcode 3.20251202.1 (forky)

▶debiandebian/amd64-microcode< amd64-microcode 3.20251202.1 (forky)

▶Debianxen/xen< 4.17.5+72-g01140da4e8-1+2

🔴Vulnerability Details

OSV

linux-azure-6.8 vulnerabilities↗2026-03-25

▶

OSV

linux-azure-fips vulnerabilities↗2026-03-04

▶

OSV

linux-azure vulnerabilities↗2026-03-04

▶

OSV

linux-ibm, linux-ibm-6.8 vulnerabilities↗2026-02-24

▶

OSV

linux-xilinx vulnerabilities↗2026-02-24

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-25

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-03-04

▶

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-03-04

▶

Ubuntu

Linux kernel (Xilinx) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (IBM) vulnerabilities↗2026-02-24

▶

📄Research Papers

arXiv

Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks↗2025-07-08

▶