Patreon Logo Support us on Patreon to keep GamingOnLinux alive. This ensures all of our main content remains free for everyone. Just good, fresh content! Alternatively, you can donate through PayPal Logo PayPal. You can also buy games using our partner links for GOG and Humble Store.
We use affiliate links to earn us some pennies. Learn more.

Made public today is a fresh round of security issues, this time for AMD CPUs with Transient Scheduler Attacks. It affects quite a lot of processors including desktop, mobile and data centre.

From AMD:

AMD discovered several transient scheduler attacks related to the execution timing of instructions under specific microarchitectural conditions while investigating a Microsoft report titled "Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks".

AMD has debugged these patterns and identified a speculative side channel affecting AMD CPUs . In some cases, an attacker may be able to use this timing information to infer data from other contexts, resulting in information leakage.

Some CPUs will not be getting updates for any of the issues or only for some, as AMD note some issues do "not result in leakage of sensitive information" but that depends on the exact processor series.

The CVEs are noted below:

CVE CVSS Severity CVE Description
CVE-2024-36350 5.6 (Medium) AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
CVE-2024-36357 5.6 (Medium) AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
CVE-2024-36348 3.8 (Low) AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP[3] feature is enabled, potentially resulting in information leakage.
CVE-2024-36349 3.8 (Low) AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

Some of the updates for the Linux kernel were merged in recently, so hopefully distributions will get the changes out for updates quickly.

See more on the AMD website.

Article taken from GamingOnLinux.com.
Tags: Security, AMD, Kernel, Misc
14 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can also follow my personal adventures on Bluesky.
See more from me
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
1 comment Subscribe

Ardje a day ago
"AMD discovered several transient scheduler attacks"
Nice... Assigned CVE and all, disclosed and fixes.
This feels like AMD gained another round of trust.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon Logo Patreon. Plain Donations: PayPal Logo PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register