CVE-2024-36315

Description

Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

High

Attack Requirements

Present

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

AMD / AMD EPYC™ 8004 Series ProcessorsGenoaPI_1.0.0.E – GenoaPI_1.0.0.E
AMD / AMD EPYC™ Embedded 8004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.D – EmbGenoaPI-SP5 1.0.0.D
AMD / AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")EmbGenoaPI-SP5 1.0.0.D – EmbGenoaPI-SP5 1.0.0.D
AMD / AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")EmbGenoaPI-SP5 1.0.0.D – EmbGenoaPI-SP5 1.0.0.D
AMD / AMD EPYC™Series 4004 ProcessorsComboAM5PI_1.0.0.a/ ComboAM5PI_1.1.0.3c/ ComboAM5PI_1.2.0.3 – ComboAM5PI_1.0.0.a/ ComboAM5PI_1.1.0.3c/ ComboAM5PI_1.2.0.3
AMD / AMD EPYC™ Series 9004 ProcessorsGenoaPI_1.0.0.E – GenoaPI_1.0.0.E
AMD / AMD Instinct™ MI300A Series ProcessorsMI300PI 1.0.0.7 – MI300PI 1.0.0.7
AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI_1.1.0.3c – ComboAM5PI_1.1.0.3c
AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI_1.0.0.a – ComboAM5PI_1.0.0.a
AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI_1.2.0.3 – ComboAM5PI_1.2.0.3
AMD / AMD Ryzen™ 7000 Series Desktop Processors (formerly codenamed "Raphael")ComboAM5PI_1.3.0.0 – ComboAM5PI_1.3.0.0
AMD / AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7_1.2.0.0 – PhoenixPI-FP8-FP7_1.2.0.0
AMD / AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ GraphicsDragonRangeFL1_1.0.0.3g – DragonRangeFL1_1.0.0.3g
AMD / AMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI_1.1.0.3c – ComboAM5PI_1.1.0.3c
AMD / AMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5PI_1.2.0.3 – ComboAM5PI_1.2.0.3
AMD / AMD Ryzen™ 8000 Series Desktop Processors (formerly codenamed "Phoenix")ComboAM5PI_1.3.0.0 – ComboAM5PI_1.3.0.0
AMD / AMD Ryzen™ 9000 Series Desktop ProcessorsComboAM5PI_1.2.0.3 – ComboAM5PI_1.2.0.3
AMD / AMD Ryzen™ Embedded 7000 Series ProcessorsEmbeddedAM5PI 1.0.0.5 – EmbeddedAM5PI 1.0.0.5
AMD / AMD Ryzen™ Embedded 8000 Series ProcessorsEmbeddedPhoenixPI-FP7r2_1.0.0.3 – EmbeddedPhoenixPI-FP7r2_1.0.0.3
AMD / AMD Ryzen™ Z1 Series ProcessorsComboAM5PI_1.0.0.a – ComboAM5PI_1.0.0.a
AMD / AMD Ryzen™ Z1 Series ProcessorsComboAM5PI_1.1.0.3c – ComboAM5PI_1.1.0.3c
AMD / AMD Ryzen™ Z1 Series ProcessorsComboAM5PI_1.2.0.3 – ComboAM5PI_1.2.0.3

CVE-2024-36315

Description

CVSS breakdown

Affected products

References