AMD Warns of Transient Scheduler Attacks Impacting Broad Range of Chipsets

AMD has issued a security bulletin, AMD-SB-7029, highlighting several transient scheduler attacks that exploit speculative execution timing in its processors, potentially leading to loss of confidentiality.

These vulnerabilities stem from investigations into a Microsoft report on microarchitectural leaks, revealing side-channel attacks where attackers could infer sensitive data through execution timing under specific conditions.

Rated at medium severity overall, the issues involve speculative side channels that might allow unauthorized access to privileged information, such as data from previous stores or L1D cache contents.

Overview of the Vulnerabilities

AMD emphasizes that while the potential impact is on confidentiality, the attacks require local access, high complexity, and low privileges, making them challenging to exploit in practice.

Four CVEs have been assigned: CVE-2024-36350 (CVSS 5.6) for inferring data from prior stores; CVE-2024-36357 (CVSS 5.6) for L1D cache leaks across privilege boundaries; CVE-2024-36348 (CVSS 3.8) for speculatively inferring control registers despite UMIP protections; and CVE-2024-36349 (CVSS 3.8) for accessing TSC_AUX reads when disabled.

AMD notes that for the lower-severity issues, no fixes are planned in some cases, as the leaked data like TSC_AUX or CPU configurations does not typically contain sensitive information, minimizing real-world risks.

The vulnerabilities affect a wide array of AMD’s product lines, including data center, client, mobile, embedded, and graphics processors, spanning generations from 1st Gen EPYC “Naples” to newer Ryzen 8000 series and Instinct MI300A accelerators.

For instance, older models like 1st and 2nd Gen EPYC are largely unaffected by the higher-severity CVEs, with no fixes planned for the lower ones due to negligible impact.

Affected Products

In contrast, 3rd Gen EPYC “Milan” and 4th Gen “Genoa” require firmware updates like MilanPI 1.0.0.G combined with OS patches, targeted for release around January 2025, to address CVE-2024-36350 and CVE-2024-36357.

Client processors, such as Ryzen 5000 and 7000 series desktops, also need BIOS flashes via OEMs, with specific versions like ComboAM4v2PI 1.2.0.E plus OS updates scheduled for late January 2025.

Mobile and embedded lines, including Ryzen 7040 “Phoenix” and EPYC Embedded 9004, follow similar patterns, often requiring Platform Initialization (PI) firmware updates from December 2024 onward, paired with operating system mitigations from vendors like Microsoft or Linux distributors.

AMD advises users to contact OEMs for tailored BIOS updates and consult OS vendors for enabling software-side protections, as many mitigations demand both firmware flashes and OS updates to fully close the speculative channels.

While the attacks are transient and tied to scheduler behaviors, AMD’s proactive response underscores its commitment to security, building on lessons from past speculative execution threats like Spectre.

Users with affected hardware should prioritize these updates to safeguard against potential information leaks, though AMD reassures that exploitation barriers remain high.

For deeper technical details, AMD points to its “Mitigating Transient Scheduler Attacks” PDF, offering guidance on attack patterns and defenses.

This disclosure, dated around late 2024 with fixes rolling out into 2025, highlights the ongoing evolution of CPU security in an era of advanced microarchitectural exploits.

Stay Updated on Daily Cybersecurity News. Follow us on Google News, LinkedIn, and X.