CVE-2024-36350

NameCVE-2024-36350
DescriptionA transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5973-1
Debian Bugs1109035

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
amd64-microcode (PTS)bullseye/non-free3.20240820.1~deb11u1vulnerable
bullseye/non-free (security)3.20250311.1~deb11u1vulnerable
bookworm/non-free-firmware3.20250311.1~deb12u1vulnerable
bookworm/non-free-firmware (security)3.20230719.1~deb12u1vulnerable
sid/non-free-firmware, forky/non-free-firmware, trixie/non-free-firmware3.20250311.1vulnerable
linux (PTS)bullseye5.10.223-1vulnerable
bullseye (security)5.10.237-1vulnerable
bookworm6.1.148-1fixed
bookworm (security)6.1.147-1fixed
trixie6.12.43-1fixed
trixie (security)6.12.41-1fixed
forky6.16.3-1fixed
sid6.16.7-1fixed
xen (PTS)bullseye4.14.6-1vulnerable
bullseye (security)4.14.5+94-ge49571868d-1vulnerable
bookworm4.17.5+23-ga4e5191dc0-1+deb12u1vulnerable
bookworm (security)4.17.5+23-ga4e5191dc0-1vulnerable
forky, sid, trixie4.20.0+68-g35cb38b222-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
amd64-microcodesource(unstable)(unfixed)1109035
linuxsourcebookworm6.1.147-1DSA-5973-1
linuxsource(unstable)6.12.37-1
xensourcebullseye(unfixed)end-of-life
xensource(unstable)(unfixed)

Notes

[bullseye] - xen <end-of-life> (EOLed in Bullseye)
https://xenbits.xen.org/xsa/advisory-471.html
https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
https://aka.ms/enter-exit-leak
https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
https://gitlab.com/kernel-firmware/linux-firmware/-/commit/331eac9144402d6cfa02ff3b2888a40bb9a7a01a
https://gitlab.com/kernel-firmware/linux-firmware/-/commit/3768c184de68a85b9df6697e7f93a2f61de90a99
Search for package or bug name: Reporting problems