CVE-2024-36348
Publication date 8 July 2025
Last updated 21 January 2026
Ubuntu priority
Description
A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.
Read the notes from the security team
Why is this CVE low priority?
Leakage of CPU Configuration does not result in leakage of sensitive information
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| amd64-microcode | 25.10 questing |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
rodrigo-zaiden
AMD does not plan to fix this as there is no leakage of sensitive information with the leakage of CPU Configuration.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.8 · Low
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-36348
- https://xenbits.xen.org/xsa/advisory-471.html
- https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
- https://aka.ms/enter-exit-leak
- https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf