AMD Warns of Transient Scheduler Attacks Affecting Wide Range of Chipsets

Advanced Micro Devices has disclosed a series of critical security vulnerabilities affecting multiple generations of its processor architectures, stemming from transient scheduler attacks that exploit speculative execution mechanisms.

The vulnerabilities, identified through four distinct Common Vulnerabilities and Exposures (CVE) entries, pose significant risks to data confidentiality across enterprise and consumer computing environments.

The security flaws emerged following investigations into a Microsoft research report titled “Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks.”

The vulnerabilities leverage timing-based side channels in AMD’s microarchitectural implementations, allowing attackers to infer sensitive information from system memory and processor states through carefully crafted speculative execution sequences.

AMD analysts identified these transient execution vulnerabilities as capable of bypassing traditional security boundaries, potentially exposing privileged information across different execution contexts.

The attacks target fundamental processor operations including store-to-load forwarding, L1 data cache interactions, and control register access mechanisms, creating opportunities for unauthorized data extraction.

The impact spans AMD’s extensive processor portfolio, including third- and fourth-generation EPYC server processors, Ryzen desktop and mobile processors from the 5000 through 8000 series, Threadripper workstation processors, and various embedded computing platforms.

The vulnerabilities particularly affect processors utilizing the Zen 3 and Zen 4 architectures, with some earlier generation processors remaining unaffected.

Speculative Execution Exploitation Mechanism

The attack methodology centers on manipulating the processor’s speculative execution engine to create measurable timing differences that leak information about memory contents and system state.

CVE-2024-36350 and CVE-2024-36357, both carrying CVSS scores of 5.6, represent the most severe vulnerabilities, enabling attackers to infer data from previous store operations and L1D cache contents, respectively.

| CVE ID | CVSS Score | CVSS Vector | Vulnerability Type | Description | Attack Requirements | Mitigation Status | Timeline |
|---|---|---|---|---|---|---|---|
| CVE-2024-36350 | 5.6 (Medium) | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | Transient Execution – Store Data Inference | Allows attackers to infer data from previous stores, potentially resulting in leakage of privileged information | Local access, High complexity, Low privileges | Firmware + OS Updates Required | Dec 2024 – Jan 2025 |
| CVE-2024-36357 | 5.6 (Medium) | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | Transient Execution – L1D Cache Data Inference | Enables attackers to infer data in the L1D cache, potentially leaking sensitive information across privileged boundaries | Local access, High complexity, Low privileges | Firmware + OS Updates Required | Dec 2024 – Jan 2025 |
| CVE-2024-36348 | 3.8 (Low) | AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | Transient Execution – Control Register Inference | Allows user processes to infer control registers speculatively even when UMIP feature is enabled | Local access, Low complexity, Low privileges | No fix planned for most processors | No fix planned |
| CVE-2024-36349 | 3.8 (Low) | AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | Transient Execution – TSC_AUX Inference | Permits user processes to infer TSC_AUX even when such reads are disabled | Local access, Low complexity, Low privileges | No fix planned for most processors | No fix planned |

These attacks exploit the processor’s attempt to optimize performance through speculative execution, turning this efficiency mechanism into a security liability.

The vulnerabilities require local access and specific microarchitectural conditions to trigger successfully, limiting their practical exploitation to scenarios where attackers already possess some level of system access.

However, the potential for cross-privilege boundary information leakage makes these vulnerabilities particularly concerning for multi-tenant environments and virtualized infrastructures.

AMD’s mitigation strategy involves coordinated firmware and operating system updates, with Platform Initialization firmware releases scheduled throughout 2024 and 2025.

Organizations must implement both firmware updates from original equipment manufacturers and corresponding operating system patches to achieve complete protection against these sophisticated microarchitectural attacks.
