AMD CPU Transient Scheduler Attacks security flaw revealed

By Liam Dawe - 8 Jul 2025 at 6:00 pm UTC

Made public today is a fresh round of security issues, this time for AMD CPUs with Transient Scheduler Attacks. It affects quite a lot of processors including desktop, mobile and data centre.

From AMD:

AMD discovered several transient scheduler attacks related to the execution timing of instructions under specific microarchitectural conditions while investigating a Microsoft report titled "Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks".

AMD has debugged these patterns and identified a speculative side channel affecting AMD CPUs . In some cases, an attacker may be able to use this timing information to infer data from other contexts, resulting in information leakage.

Some CPUs will not be getting updates for any of the issues or only for some, as AMD note some issues do "not result in leakage of sensitive information" but that depends on the exact processor series.

The CVEs are noted below:

CVE	CVSS Severity	CVE Description
CVE-2024-36350	5.6 (Medium) AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N	A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
CVE-2024-36357	5.6 (Medium) AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N	A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
CVE-2024-36348	3.8 (Low) AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N	A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP[3] feature is enabled, potentially resulting in information leakage.
CVE-2024-36349	3.8 (Low) AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N	A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

Some of the updates for the Linux kernel were merged in recently, so hopefully distributions will get the changes out for updates quickly.

See more on the AMD website.

Article taken from GamingOnLinux.com.

Tags: Security, AMD, Kernel, Misc

14 Likes

About the author - Liam Dawe

I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can also follow my personal adventures on Bluesky.
See more from me

Some you may have missed, popular articles from the last month:

Chill out and breed fish in We Love Fish Tanks

Civilization VII gets Steam Workshop support, a modding SDK, bigger maps and more

Stop Killing Games consumer movement hits some major milestones

Multiple security issues in the X.Org X server and Xwayland disclosed, new versions released

All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.

1 comment

Ardje a day ago

"AMD discovered several transient scheduler attacks"
Nice... Assigned CVE and all, disclosed and fixes.
This feels like AMD gained another round of trust.

7 Likes

While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations:

PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!