Transient Execution Vulnerability in AMD Processors Affecting User Processes
CVE-2024-36348

3.8LOW

Key Information:

Vendor: Amd
Status: Amd Epyc™ 7002 Series Processors; Amd Epyc™ 7003 Series Processors; Amd Epyc™ 9004 Series Processors; Amd Epyc™ 8004 Series Processors
Vendor: CVE Published:; 8 July 2025

What is CVE-2024-36348?

A transient execution vulnerability in certain AMD processors allows user processes to potentially infer control registers speculatively, even when the User Mode Instruction Prevention (UMIP) feature is enabled. This could lead to unauthorized information leakage, highlighting a significant security risk in the affected AMD hardware.

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics all

AMD EPYC™ 4004 Series Processors all

AMD EPYC™ 7002 Series Processors all

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
May 23, 2024

Amd

What is CVE-2024-36348?

Affected Version(s)

References

CVSS V3.1

Timeline