Transient Execution Vulnerability in AMD Processors
CVE-2024-36357

5.6MEDIUM

What is CVE-2024-36357?

A transient execution vulnerability exists in certain AMD processors, which could allow an attacker to exploit the L1D cache. This exploitation may enable the leakage of sensitive information across privileged boundaries, compromising data integrity and confidentiality. It underscores the importance of monitoring system integrity and implementing security measures to mitigate potential risks associated with transient execution attacks.

Affected Version(s)

AMD EPYC™ 7003 Series Processors MilanPI 1.0.0.G + OS Updates

AMD EPYC™ 8004 Series Processors GenoaPI 1.0.0.E + OS Updates

AMD EPYC™ 9004 Series Processors GenoaPI 1.0.0.E + OS Updates

References

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.