Vulnerability in Amd Epyc™ 7003 Series Processors
CVE-2024-36357
A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
EPSS: 0.001 (26.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.6 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N.
Affected products
- Amd Epyc™ 7003 Series Processors — versions MilanPI 1.0.0.G + OS Updates
- Amd Epyc™ 8004 Series Processors — versions GenoaPI 1.0.0.E + OS Updates
- Amd Epyc™ 9004 Series Processors — versions GenoaPI 1.0.0.E + OS Updates
- Amd Epyc™ 9v64h Processor — versions MI300PI 1.0.0.7 + OS Updates
- Amd Epyc™ Embedded 7003 Series Processors — versions EmbMilanPI-SP3 1.0.0.A + OS updates
- Amd Epyc™ Embedded 8004 Series Processors — versions EmbGenoaPI-SP5 1.0.0.9 + OS updates
- Amd Epyc™ Embedded 9004 Series Processors — versions EmbGenoaPI-SP5 1.0.0.9 + OS updates
- Amd Epyc™ Embedded 97x4 — versions EmbGenoaPI-SP5 1.0.0.9 + OS updates
- Amd Ryzen™ 5000 Series Desktop Processors — versions ComboAM4v2PI 1.2.0.E + OS Updates
- Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics — versions ComboAM4v2PI 1.2.0.E + OS Updates
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2024-36357?
- CVE-2024-36357 is a medium-severity vulnerability in Amd Epyc™ 7003 Series Processors, classified under CWE-1421. CVSS score: 5.6/10. Published 2025-07-08.
- How severe is CVE-2024-36357?
- Medium severity. CVSS v3 base score is 5.6 out of 10.
- Is CVE-2024-36357 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.