CVE-2024-36357 - OpenCVE

A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2025/08/28/2
http://xenbits.xen.org/xsa/advisory-471.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
https://nvd.nist.gov/vuln/detail/CVE-2024-36357
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
https://www.cve.org/CVERecord?id=CVE-2024-36357

History

Tue, 04 Nov 2025 22:30:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2025/08/28/2

Mon, 03 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		http://xenbits.xen.org/xsa/advisory-471.html

Mon, 03 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00014}`	epss `{'score': 0.00022}`

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00012}`	epss `{'score': 0.00014}`

Wed, 09 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 09 Jul 2025 00:30:00 +0000

Type	Values Removed	Values Added
Title		kernel: transient execution vulnerability in some AMD processors
Weaknesses		CWE-99
References		https://nvd.nist.gov/vuln/detail/CVE-2024-36357 https://www.cve.org/CVERecord?id=CVE-2024-36357
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 08 Jul 2025 17:15:00 +0000

Type	Values Removed	Values Added
Description		A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
Weaknesses		CWE-1421
References		https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
Metrics		cvssV3_1 `{'score': 5.6, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2025-07-08T17:01:48.957Z

Updated: 2025-11-04T21:08:40.807Z

Reserved: 2024-05-23T19:44:50.001Z

Link: CVE-2024-36357

Vulnrichment

Updated: 2025-11-04T21:08:40.807Z

NVD

Status : Awaiting Analysis

Published: 2025-07-08T17:15:31.723

Modified: 2025-11-04T22:16:02.353

Link: CVE-2024-36357

Redhat

Severity : Moderate

Publid Date: 2025-07-08T13:00:00Z

Links: CVE-2024-36357 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object