CVE-2024-36357

Description

A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected products

AMD / AMD EPYC™ 7003 Series ProcessorsMilanPI 1.0.0.G + OS Updates – MilanPI 1.0.0.G + OS Updates
AMD / AMD EPYC™ 8004 Series ProcessorsGenoaPI 1.0.0.E + OS Updates – GenoaPI 1.0.0.E + OS Updates
AMD / AMD EPYC™ 9004 Series ProcessorsGenoaPI 1.0.0.E + OS Updates – GenoaPI 1.0.0.E + OS Updates
AMD / AMD EPYC™ 9V64H ProcessorMI300PI 1.0.0.7 + OS Updates – MI300PI 1.0.0.7 + OS Updates
AMD / AMD EPYC™ Embedded 7003 Series ProcessorsEmbMilanPI-SP3 1.0.0.A + OS updates – EmbMilanPI-SP3 1.0.0.A + OS updates
AMD / AMD EPYC™ Embedded 8004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.9 + OS updates – EmbGenoaPI-SP5 1.0.0.9 + OS updates
AMD / AMD EPYC™ Embedded 9004 Series ProcessorsEmbGenoaPI-SP5 1.0.0.9 + OS updates – EmbGenoaPI-SP5 1.0.0.9 + OS updates
AMD / AMD EPYC™ Embedded 97X4EmbGenoaPI-SP5 1.0.0.9 + OS updates – EmbGenoaPI-SP5 1.0.0.9 + OS updates
AMD / AMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.E + OS Updates – ComboAM4v2PI 1.2.0.E + OS Updates
AMD / AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsComboAM4v2PI 1.2.0.E + OS Updates – ComboAM4v2PI 1.2.0.E + OS Updates
AMD / AMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.1.1b + OS Updates – CezannePI-FP6 1.0.1.1b + OS Updates
AMD / AMD Ryzen™ 6000 Series Processor with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.Bb + OS Updates – RembrandtPI-FP7 1.0.0.Bb + OS Updates
AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.0.0.a+ OS Updates – ComboAM5PI 1.0.0.a+ OS Updates
AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.2.0.3 + OS Updates – ComboAM5PI 1.2.0.3 + OS Updates
AMD / AMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5PI 1.1.0.3c+ OS Updates – ComboAM5PI 1.1.0.3c+ OS Updates
AMD / AMD Ryzen™ 7000 Series Mobile ProcessorsDragonRangeFL1 1.0.0.3g + OS Updates – DragonRangeFL1 1.0.0.3g + OS Updates
AMD / AMD Ryzen™ 7000 Series Processors with Radeon™ GraphicsCezannePI-FP6 1.0.1.1b + OS Updates – CezannePI-FP6 1.0.1.1b + OS Updates
AMD / AMD Ryzen™ 7035 Series Processor with Radeon™ GraphicsRembrandtPI-FP7 1.0.0.Bb + OS Updates – RembrandtPI-FP7 1.0.0.Bb + OS Updates
AMD / AMD Ryzen™ 7040 Series Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7 1.2.0.0 + OS Updates – PhoenixPI-FP8-FP7 1.2.0.0 + OS Updates
AMD / AMD Ryzen™ 8000 Series Processor with Radeon™ GraphicsComboAM5PI 1.1.0.3c+ OS Updates – ComboAM5PI 1.1.0.3c+ OS Updates
AMD / AMD Ryzen™ 8000 Series Processor with Radeon™ GraphicsComboAM5PI 1.2.0.3 + OS Updates – ComboAM5PI 1.2.0.3 + OS Updates
AMD / AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsPhoenixPI-FP8-FP7 1.2.0.0 + OS Updates – PhoenixPI-FP8-FP7 1.2.0.0 + OS Updates
AMD / AMD Ryzen™ Embedded 5000 Series ProcessorsEmbAM4PI 1.0.0.7 + OS Update – EmbAM4PI 1.0.0.7 + OS Update
AMD / AMD Ryzen™ Embedded 7000 Series ProcessorsEmbeddedAM5PI 1.0.0.3 + OS updates – EmbeddedAM5PI 1.0.0.3 + OS updates
AMD / AMD Ryzen™ Embedded V3000 Series ProcessorsEmbedded-PI_FP7r2 100C + OS updates – Embedded-PI_FP7r2 100C + OS updates
AMD / AMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.1.0.0i + OS Updates – StormPeakPI-SP6 1.1.0.0i + OS Updates
AMD / AMD Ryzen™ Threadripper™ PRO 7000 WX-Series ProcessorsStormPeakPI-SP6 1.0.0.1k + OS Updates – StormPeakPI-SP6 1.0.0.1k + OS Updates

References

MISChttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html