CVE-2024-36348

Summary

A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7002 Series Processorsallaffected
AMDAMD EPYC™ 7003 Series Processorsallaffected
AMDAMD EPYC™ 9004 Series Processorsallaffected
AMDAMD EPYC™ 8004 Series Processorsallaffected
AMDAMD EPYC™ 4004 Series Processorsallaffected
AMDAMD EPYC™ 9V64H Processorallaffected
AMDAMD Ryzen™ 5000 Series Desktop Processorsallaffected
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphicsallaffected
AMDAMD Ryzen™ 3000 Series Desktop Processorsallaffected
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphicsallaffected
AMDAMD Ryzen™ 7000 Series Desktop Processorsallaffected
AMDAMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphicsallaffected
AMDAMD Ryzen™ 8000 Series Processor with Radeon™ Graphicsallaffected
AMDAMD Ryzen™ Threadripper™ 3000 Series Processorsallaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processorsallaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series Processorsallaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processorsallaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ Graphicsallaffected
AMDAMD Ryzen™ 6000 Series Processor with Radeon™ Graphicsallaffected
AMDAMD Ryzen™ 7035 Series Processor with Radeon™ Graphicsallaffected
AMDAMD Ryzen™ 7000 Series Processors with Radeon™ Graphicsallaffected
AMDAMD Ryzen™ 7040 Series Processors with Radeon™ Graphicsallaffected
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphicsallaffected
AMDAMD Ryzen™ 7000 Series Mobile Processorsallaffected
AMDAMD EPYC™ Embedded 7002 Series Processorsallaffected
AMDAMD EPYC™ Embedded 7003 Series Processorsallaffected
AMDAMD EPYC™ Embedded 8004 Series Processorsallaffected
AMDAMD EPYC™ Embedded 9004 Series Processorsallaffected
AMDAMD Ryzen™ Embedded 5000 Series Processorsallaffected
AMDAMD Ryzen™ Embedded 7000 Series Processorsallaffected
AMDAMD Ryzen™ Embedded V2000 Series Processorsallaffected
AMDAMD Ryzen™ Embedded V3000 Series Processorsallaffected

Weaknesses

  • CWE-1420: CWE-1420 Exposure of Sensitive Information during Transient Execution

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References