AMD CPU Transient Scheduler Attacks security flaw revealed
Made public today is a fresh round of security issues, this time for AMD CPUs with Transient Scheduler Attacks. It affects quite a lot of processors including desktop, mobile and data centre.
From AMD:
AMD discovered several transient scheduler attacks related to the execution timing of instructions under specific microarchitectural conditions while investigating a Microsoft report titled “Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks“.
AMD has debugged these patterns and identified a speculative side channel affecting AMD CPUs . In some cases, an attacker may be able to use this timing information to infer data from other contexts, resulting in information leakage.
Some CPUs will not be getting updates for any of the issues or only for some, as AMD note some issues do “not result in leakage of sensitive information” but that depends on the exact processor series.
The CVEs are noted below:
| CVE | CVSS Severity | CVE Description |
| CVE-2024-36350 | 5.6 (Medium) AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. |
| CVE-2024-36357 | 5.6 (Medium) AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries. |
| CVE-2024-36348 | 3.8 (Low) AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP[3] feature is enabled, potentially resulting in information leakage. |
| CVE-2024-36349 | 3.8 (Low) AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage. |
Some of the updates for the Linux kernel were merged in recently, so hopefully distributions will get the changes out for updates quickly.
See more on the AMD website.
Article taken from GamingOnLinux.com.
.jpg?width=1200&height=630&fit=crop&enable=upscale&auto=webp&w=1024&resize=1024,1024&ssl=1 "Best deals for PC gamers today: Early Prime Day deals include AMD Ryzen and LG 1ms gaming monitor"){kind=tracking}
