CVE-2024-36349

Опубликовано: 08 июл. 2025

Источник: debian

EPSS Низкий

Описание

A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
amd64-microcode	unfixed			package

Примечания

https://xenbits.xen.org/xsa/advisory-471.html
https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
https://aka.ms/enter-exit-leak
https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
Not planned to be fixed, as leakage of TSC_AUX does not result in leakage of sensitive
information.

EPSS

Процентиль: 2%

0.00015

Низкий

Связанные уязвимости

CVE-2024-36349

CVSS3: 3.8

ubuntu

около 1 месяца назад

A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

CVE-2024-36349

CVSS3: 3.8

nvd

около 1 месяца назад

A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

GHSA-cwf5-jffj-j5wx

CVSS3: 3.8

github

около 1 месяца назад

A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

BDU:2025-08948

CVSS3: 3.8

fstec

около 1 месяца назад

Уязвимость микропрограммного обеспечения процессоров AMD, связанная с недостаточной защитой служебных данных, позволяющая нарушителю раскрыть защищаемую информацию

SUSE-SU-2025:02853-1

suse-cvrf

2 дня назад

Security update for the Linux Kernel

EPSS

Процентиль: 2%

0.00015

Низкий