CVE-2024-36315
5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD EPYC™ Series 9004 Processors | GenoaPI_1.0.0.E | unaffected |
| AMD | AMD EPYC™Series 4004 Processors | ComboAM5PI_1.0.0.a/ ComboAM5PI_1.1.0.3c/ ComboAM5PI_1.2.0.3 | unaffected |
| AMD | AMD EPYC™ 8004 Series Processors | GenoaPI_1.0.0.E | unaffected |
| AMD | AMD Instinct™ MI300A Series Processors | MI300PI 1.0.0.7 | unaffected |
| AMD | AMD Ryzen™ Z1 Series Processors | ComboAM5PI_1.2.0.3 | unaffected |
| AMD | AMD Ryzen™ Z1 Series Processors | ComboAM5PI_1.1.0.3c | unaffected |
| AMD | AMD Ryzen™ Z1 Series Processors | ComboAM5PI_1.0.0.a | unaffected |
| AMD | AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics | PhoenixPI-FP8-FP7_1.2.0.0 | unaffected |
| AMD | AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics | DragonRangeFL1_1.0.0.3g | unaffected |
| AMD | AMD Ryzen™ 9000 Series Desktop Processors | ComboAM5PI_1.2.0.3 | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | ComboAM5PI_1.0.0.a | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | ComboAM5PI_1.1.0.3c | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | ComboAM5PI_1.2.0.3 | unaffected |
| AMD | AMD Ryzen™ 8000 Series Desktop Processors | ComboAM5PI_1.1.0.3c | unaffected |
| AMD | AMD Ryzen™ 8000 Series Desktop Processors | ComboAM5PI_1.2.0.3 | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors (formerly codenamed “Raphael”) | ComboAM5PI_1.3.0.0 | unaffected |
| AMD | AMD Ryzen™ 8000 Series Desktop Processors (formerly codenamed “Phoenix”) | ComboAM5PI_1.3.0.0 | unaffected |
| AMD | AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed “Genoa”) | EmbGenoaPI-SP5 1.0.0.D | unaffected |
| AMD | AMD EPYC™ Embedded 8004 Series Processors | EmbGenoaPI-SP5 1.0.0.D | unaffected |
| AMD | AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed “Bergamo”) | EmbGenoaPI-SP5 1.0.0.D | unaffected |
| AMD | AMD Ryzen™ Embedded 8000 Series Processors | EmbeddedPhoenixPI-FP7r2_1.0.0.3 | unaffected |
| AMD | AMD Ryzen™ Embedded 7000 Series Processors | EmbeddedAM5PI 1.0.0.5 | unaffected |
Weaknesses
- CWE-693: CWE-693 Protection Mechanism Failure
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.