CVE-2024-36315

MEDIUM

AMD EPYC Series 9004 Processors - Information Disclosure via Improper LFENCE Serialization Enforcement

Title source: llm

Description

Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality.

References (2)

Core 2

Core References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html

Scores

CVSS v4 5.7

EPSS 0.0003

EPSS Percentile 8.2%

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-693

Status published

Products (22)

AMD/AMD EPYC™ 8004 Series Processors GenoaPI_1.0.0.E

AMD/AMD EPYC™ Embedded 8004 Series Processors EmbGenoaPI-SP5 1.0.0.D

AMD/AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo") EmbGenoaPI-SP5 1.0.0.D

AMD/AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa") EmbGenoaPI-SP5 1.0.0.D

AMD/AMD EPYC™ Series 9004 Processors GenoaPI_1.0.0.E

AMD/AMD EPYC™Series 4004 Processors ComboAM5PI_1.0.0.a/ ComboAM5PI_1.1.0.3c/ ComboAM5PI_1.2.0.3

AMD/AMD Instinct™ MI300A Series Processors MI300PI 1.0.0.7

AMD/AMD Ryzen™ 7000 Series Desktop Processors ComboAM5PI_1.0.0.a

AMD/AMD Ryzen™ 7000 Series Desktop Processors ComboAM5PI_1.1.0.3c

AMD/AMD Ryzen™ 7000 Series Desktop Processors ComboAM5PI_1.2.0.3

... and 12 more

Published May 13, 2026

Tracked Since May 13, 2026