CVE-2024-36349
Publication date 8 July 2025
Last updated 21 January 2026
Ubuntu priority
Description
A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.
Read the notes from the security team
Why is this CVE low priority?
Leakage of TSC_AUX does not result in leakage of sensitive information
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| amd64-microcode | 25.10 questing |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
rodrigo-zaiden
AMD does not plan to fix this as there is no leakage of sensitive information with the leakage of TSC_AUX.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.8 · Low
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-36349
- https://xenbits.xen.org/xsa/advisory-471.html
- https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
- https://aka.ms/enter-exit-leak
- https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf