CVE-2024-36357

CVE-2024-36357

Name

CVE-2024-36357

Description

A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
psirt@amd.com	https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
af854a3a-2127-422b-91ae-364da2661108	http://xenbits.xen.org/xsa/advisory-471.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/08/28/2

Type

URI

psirt@amd.com

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

af854a3a-2127-422b-91ae-364da2661108

http://xenbits.xen.org/xsa/advisory-471.html

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/08/28/2

Match rules

CPE URI

Source package

Min version

Max version

amd-epyc™-7003-series-processors

== MilanPI 1.0.0.G + OS Updates

amd-epyc™-9004-series-processors

== GenoaPI 1.0.0.E + OS Updates

amd-epyc™-8004-series-processors

== GenoaPI 1.0.0.E + OS Updates

amd-epyc™-9v64h-processor

== MI300PI 1.0.0.7 + OS Updates

amd-ryzen™-5000-series-desktop-processors

== ComboAM4v2PI 1.2.0.E + OS Updates

amd-ryzen™-5000-series-desktop-processor-with-radeon™-graphics

== ComboAM4v2PI 1.2.0.E + OS Updates

amd-ryzen™-7000-series-desktop-processors

== ComboAM5PI 1.2.0.3 + OS Updates

amd-ryzen™-7000-series-desktop-processors

== ComboAM5PI 1.0.0.a+ OS Updates

amd-ryzen™-7000-series-desktop-processors

== ComboAM5PI 1.1.0.3c+ OS Updates

amd-ryzen™-8000-series-processor-with-radeon™-graphics

== ComboAM5PI 1.2.0.3 + OS Updates

amd-ryzen™-8000-series-processor-with-radeon™-graphics

== ComboAM5PI 1.1.0.3c+ OS Updates

amd-ryzen™-threadripper™-pro-7000-wx-series-processors

== StormPeakPI-SP6 1.1.0.0i + OS Updates

amd-ryzen™-threadripper™-pro-7000-wx-series-processors

== StormPeakPI-SP6 1.0.0.1k + OS Updates

amd-ryzen™-6000-series-processor-with-radeon™-graphics

== RembrandtPI-FP7 1.0.0.Bb + OS Updates

amd-ryzen™-7035-series-processor-with-radeon™-graphics

== RembrandtPI-FP7 1.0.0.Bb + OS Updates

amd-ryzen™-7000-series-processors-with-radeon™-graphics

== CezannePI-FP6 1.0.1.1b + OS Updates

amd-ryzen™-7040-series-processors-with-radeon™-graphics

== PhoenixPI-FP8-FP7 1.2.0.0 + OS Updates

amd-ryzen™-8040-series-mobile-processors-with-radeon™-graphics

== PhoenixPI-FP8-FP7 1.2.0.0 + OS Updates

amd-ryzen™-7000-series-mobile-processors

== DragonRangeFL1 1.0.0.3g + OS Updates

amd-epyc™-embedded-7003-series-processors

== EmbMilanPI-SP3 1.0.0.A + OS updates

amd-epyc™-embedded-8004-series-processors

== EmbGenoaPI-SP5 1.0.0.9 + OS updates

amd-epyc™-embedded-9004-series-processors

== EmbGenoaPI-SP5 1.0.0.9 + OS updates

amd-ryzen™-embedded-5000-series-processors

== EmbAM4PI 1.0.0.7 + OS Update

amd-ryzen™-embedded-7000-series-processors

== EmbeddedAM5PI 1.0.0.3 + OS updates

amd-ryzen™-embedded-v3000-series-processors

== Embedded-PI_FP7r2 100C + OS updates

amd-epyc™-embedded-97x4

== EmbGenoaPI-SP5 1.0.0.9 + OS updates

amd-ryzen™-5000-series-processors-with-radeon™-graphics

== CezannePI-FP6 1.0.1.1b + OS Updates

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
xen	edge-main	4.20.1-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.22-main	4.20.1-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.21-main	4.19.2-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.20-main	4.18.5-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.19-main	4.18.5-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

xen

edge-main

4.20.1-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

xen

3.22-main