CVE-2024-36348
Publication date 8 July 2025
Last updated 10 July 2025
Ubuntu priority
A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.
Read the notes from the security team
Why is this CVE low priority?
Leakage of CPU Configuration does not result in leakage of sensitive information
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| amd64-microcode | 25.04 plucky |
Vulnerable, fix deferred
|
| 24.04 LTS noble |
Vulnerable, fix deferred
|
|
| 22.04 LTS jammy |
Vulnerable, fix deferred
|
|
| 20.04 LTS focal |
Vulnerable, fix deferred
|
|
| 18.04 LTS bionic |
Vulnerable, fix deferred
|
|
| 16.04 LTS xenial |
Vulnerable, fix deferred
|
|
| 14.04 LTS trusty |
Vulnerable, fix deferred
|
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.8 · Low
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-36348
- https://xenbits.xen.org/xsa/advisory-471.html
- https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
- https://aka.ms/enter-exit-leak
- https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf