CVE-2024-36315

Summary

Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ Series 9004 ProcessorsGenoaPI_1.0.0.Eunaffected
AMDAMD EPYC™Series 4004 ProcessorsComboAM5PI_1.0.0.a/ ComboAM5PI_1.1.0.3c/ ComboAM5PI_1.2.0.3unaffected
AMDAMD EPYC™ 8004 Series ProcessorsGenoaPI_1.0.0.Eunaffected
AMDAMD Instinct™ MI300A Series ProcessorsMI300PI 1.0.0.7unaffected
AMDAMD Ryzen™ Z1 Series ProcessorsComboAM5PI_1.2.0.3unaffected
AMDAMD Ryzen™ Z1 Series ProcessorsComboAM5PI_1.1.0.3cunaffected
AMDAMD Ryzen™ Z1 Series ProcessorsComboAM5PI_1.0.0.aunaffected
AMDAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.2.0.0unaffected
AMDAMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsDragonRangeFL1_1.0.0.3gunaffected
AMDAMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI_1.2.0.3unaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI_1.0.0.aunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI_1.1.0.3cunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI_1.2.0.3unaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI_1.1.0.3cunaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI_1.2.0.3unaffected
AMDAMD Ryzen™ 7000 Series Desktop Processors (formerly codenamed “Raphael”)ComboAM5PI_1.3.0.0unaffected
AMDAMD Ryzen™ 8000 Series Desktop Processors (formerly codenamed “Phoenix”)ComboAM5PI_1.3.0.0unaffected
AMDAMD EPYC™ Embedded 9004 Series Processors (formerly codenamed “Genoa”)EmbGenoaPI-SP5 1.0.0.Dunaffected
AMDAMD EPYC™ Embedded 8004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.Dunaffected
AMDAMD EPYC™ Embedded 9004 Series Processors (formerly codenamed “Bergamo”)EmbGenoaPI-SP5 1.0.0.Dunaffected
AMDAMD Ryzen™ Embedded 8000 Series ProcessorsEmbeddedPhoenixPI-FP7r2_1.0.0.3unaffected
AMDAMD Ryzen™ Embedded 7000 Series ProcessorsEmbeddedAM5PI 1.0.0.5unaffected

Weaknesses

  • CWE-693: CWE-693 Protection Mechanism Failure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References