CVE-2024-36348

EUVD-2024-54761
A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.8 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
AMDCNA
3.8 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Debian logo
Debian Releases
Debian Product
Codename
amd64-microcode
bookworm/non-free-firmware
unimportant
bookworm/non-free-firmware (security)
unimportant
bullseye/non-free
unimportant
bullseye/non-free (security)
unimportant
forky/non-free-firmware
unimportant
sid/non-free-firmware
unimportant
trixie/non-free-firmware
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
amd64-microcode
bionic
deferred
focal
deferred
jammy
deferred
noble
deferred
oracular
ignored
plucky
deferred
questing
deferred
trusty
deferred
xenial
deferred
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
http://www.openwall.com/lists/oss-security/2025/08/28/2