CVE-2024-36357

Summary

A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7003 Series ProcessorsMilanPI 1.0.0.G + OS Updatesunaffected
AMDAMD EPYC™ 9004 Series ProcessorsGenoaPI 1.0.0.E + OS Updatesunaffected
AMDAMD EPYC™ 8004 Series ProcessorsGenoaPI 1.0.0.E + OS Updatesunaffected
AMDAMD EPYC™ 9V64H ProcessorMI300PI 1.0.0.7 + OS Updatesunaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.E + OS Updatesunaffected
AMDAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsComboAM4v2PI 1.2.0.E + OS Updatesunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.2.0.3 + OS Updatesunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.0.0.a+ OS Updatesunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.1.0.3c+ OS Updatesunaffected
AMDAMD Ryzen™ 8000 Series Processor with Radeon™ GraphicsComboAM5PI 1.2.0.3 + OS Updatesunaffected
AMDAMD Ryzen™ 8000 Series Processor with Radeon™ GraphicsComboAM5PI 1.1.0.3c+ OS Updatesunaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.1.0.0i + OS Updatesunaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.0.0.1k + OS Updatesunaffected
AMDAMD Ryzen™ 6000 Series Processor with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.Bb + OS Updatesunaffected
AMDAMD Ryzen™ 7035 Series Processor with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.Bb + OS Updatesunaffected
AMDAMD Ryzen™ 7000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.1.1b + OS Updatesunaffected
AMDAMD Ryzen™ 7040 Series Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7 1.2.0.0 + OS Updatesunaffected
AMDAMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7 1.2.0.0 + OS Updatesunaffected
AMDAMD Ryzen™ 7000 Series Mobile ProcessorsDragonRangeFL1 1.0.0.3g + OS Updatesunaffected
AMDAMD EPYC™ Embedded 7003 Series ProcessorsEmbMilanPI-SP3 1.0.0.A + OS updatesunaffected
AMDAMD EPYC™ Embedded 8004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.9 + OS updatesunaffected
AMDAMD EPYC™ Embedded 9004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.9 + OS updatesunaffected
AMDAMD Ryzen™ Embedded 5000 Series ProcessorsEmbAM4PI 1.0.0.7 + OS Updateunaffected
AMDAMD Ryzen™ Embedded 7000 Series ProcessorsEmbeddedAM5PI 1.0.0.3 + OS updatesunaffected
AMDAMD Ryzen™ Embedded V3000 Series ProcessorsEmbedded-PI_FP7r2 100C + OS updatesunaffected
AMDAMD EPYC™ Embedded 97X4EmbGenoaPI-SP5 1.0.0.9 + OS updatesunaffected
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.1.1b + OS Updatesunaffected

Weaknesses

  • CWE-1421: CWE-1421 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References