Main Vulnerability Database Vulnerabilities #VU112557

#VU112557 Information exposure through microarchitectural state after transient execution in AMD products - CVE-2024-36349

Published: July 8, 2025

Vulnerability identifier: #VU112557

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-36349

CWE-ID: CWE-1342

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
3rd Gen AMD EPYC Processors
4th Gen AMD EPYC Processors
AMD Instinct MI300A
AMD Ryzen 5000 Series Desktop processor
AMD Ryzen 5000 Series Desktop processor with Radeon graphics
AMD Ryzen 7000 Series Desktop Processors

Software vendor:
AMD

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information leak. A local user process can infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html

#VU112557 Information exposure through microarchitectural state after transient execution in AMD products - CVE-2024-36349

Description

Remediation

External links

Please verify you're human