CVE-2024-36350
5.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD EPYC™ 7003 Series Processors | MilanPI 1.0.0.G + OS Updates | unaffected |
| AMD | AMD EPYC™ 9004 Series Processors | GenoaPI 1.0.0.E + OS Updates | unaffected |
| AMD | AMD EPYC™ 8004 Series Processors | GenoaPI 1.0.0.E + OS Updates | unaffected |
| AMD | AMD EPYC™ 9V64H Processor | MI300PI 1.0.0.7 + OS Updates | unaffected |
| AMD | AMD Ryzen™ 5000 Series Desktop Processors | ComboAM4v2PI 1.2.0.E + OS Updates | unaffected |
| AMD | AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics | ComboAM4v2PI 1.2.0.E + OS Updates | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | ComboAM5PI 1.2.0.3 + OS Updates | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | ComboAM5PI 1.0.0.a+ OS Updates | unaffected |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | ComboAM5PI 1.1.0.3c+ OS Updates | unaffected |
| AMD | AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics | ComboAM5PI 1.2.0.3 + OS Updates | unaffected |
| AMD | AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics | ComboAM5PI 1.1.0.3c+ OS Updates | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors | StormPeakPI-SP6 1.1.0.0i + OS Updates | unaffected |
| AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors | StormPeakPI-SP6 1.0.0.1k + OS Updates | unaffected |
| AMD | AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics | RembrandtPI-FP7 1.0.0.Bb + OS Updates | unaffected |
| AMD | AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics | RembrandtPI-FP7 1.0.0.Bb + OS Updates | unaffected |
| AMD | AMD Ryzen™ 7000 Series Processors with Radeon™ Graphics | CezannePI-FP6 1.0.1.1b + OS Updates | unaffected |
| AMD | AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics | PhoenixPI-FP8-FP7 1.2.0.0 + OS Updates | unaffected |
| AMD | AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics | PhoenixPI-FP8-FP7 1.2.0.0 + OS Updates | unaffected |
| AMD | AMD Ryzen™ 7000 Series Mobile Processors | DragonRangeFL1 1.0.0.3g + OS Updates | unaffected |
| AMD | AMD EPYC™ Embedded 7003 Series Processors | EmbMilanPI-SP3 1.0.0.A + OS updates | unaffected |
| AMD | AMD EPYC™ Embedded 8004 Series Processors | EmbGenoaPI-SP5 1.0.0.9 + OS updates | unaffected |
| AMD | AMD EPYC™ Embedded 9004 Series Processors | EmbGenoaPI-SP5 1.0.0.9 + OS updates | unaffected |
| AMD | AMD Ryzen™ Embedded 5000 Series Processors | EmbAM4PI 1.0.0.7 + OS Update | unaffected |
| AMD | AMD Ryzen™ Embedded 7000 Series Processors | EmbeddedAM5PI 1.0.0.3 + OS updates | unaffected |
| AMD | AMD Ryzen™ Embedded V3000 Series Processors | Embedded-PI_FP7r2 100C + OS updates | unaffected |
| AMD | AMD EPYC™ Embedded 97X4 | EmbGenoaPI-SP5 1.0.0.9 + OS updates | unaffected |
| AMD | AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics | CezannePI-FP6 1.0.1.1b + OS Updates | unaffected |
Weaknesses
- CWE-1421: CWE-1421 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- http://xenbits.xen.org/xsa/advisory-471.html
- http://www.openwall.com/lists/oss-security/2025/08/28/2
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.