vulnerability
Ubuntu: (CVE-2024-36348): amd64-microcode vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:S/C:P/I:N/A:N) | Jul 8, 2025 | Jul 11, 2025 | Aug 18, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:S/C:P/I:N/A:N)
Published
Jul 8, 2025
Added
Jul 11, 2025
Modified
Aug 18, 2025
Description
A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.
Solution
no-fix-ubuntu-package
References
- CVE-2024-36348
- https://attackerkb.com/topics/CVE-2024-36348
- CWE-1420
- URL-https://aka.ms/enter-exit-leak
- URL-https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
- URL-https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
- URL-https://www.cve.org/CVERecord?id=CVE-2024-36348
- URL-https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
- URL-https://xenbits.xen.org/xsa/advisory-471.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.