CVE-2024-36357

Name: CVE-2024-36357
Description: A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-5973-1
Debian Bugs: 1109035

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| amd64-microcode (PTS) | bullseye/non-free | 3.20240820.1~deb11u1 | vulnerable |
| | bullseye/non-free (security) | 3.20250311.1~deb11u1 | vulnerable |
| | bookworm/non-free-firmware | 3.20250311.1~deb12u1 | vulnerable |
| | bookworm/non-free-firmware (security) | 3.20230719.1~deb12u1 | vulnerable |
| | sid/non-free-firmware, forky/non-free-firmware, trixie/non-free-firmware | 3.20250311.1 | vulnerable |
| linux (PTS) | bullseye | 5.10.223-1 | vulnerable |
| | bullseye (security) | 5.10.237-1 | vulnerable |
| | bookworm | 6.1.148-1 | fixed |
| | bookworm (security) | 6.1.147-1 | fixed |
| | trixie | 6.12.43-1 | fixed |
| | trixie (security) | 6.12.41-1 | fixed |
| | forky | 6.16.3-1 | fixed |
| | sid | 6.16.6-1 | fixed |
| xen (PTS) | bullseye | 4.14.6-1 | vulnerable |
| | bullseye (security) | 4.14.5+94-ge49571868d-1 | vulnerable |
| | bookworm | 4.17.5+23-ga4e5191dc0-1+deb12u1 | vulnerable |
| | bookworm (security) | 4.17.5+23-ga4e5191dc0-1 | vulnerable |
| | forky, sid, trixie | 4.20.0+68-g35cb38b222-1 | vulnerable |

The information below is based on the following data on fixed versions.

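| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| amd64-microcode | source | (unstable) | (unfixed) | | | 1109035 |
| linux | source | bookworm | 6.1.147-1 | | DSA-5973-1 | |
| linux | source | (unstable) | 6.12.37-1 | | | |
| xen | source | bullseye | (unfixed) | end-of-life | | |
| xen | source | (unstable) | (unfixed) | | | |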

Notes

[bullseye] - xen <end-of-life> (EOLed in Bullseye)
https://xenbits.xen.org/xsa/advisory-471.html
https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
https://aka.ms/enter-exit-leak
https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf
https://gitlab.com/kernel-firmware/linux-firmware/-/commit/331eac9144402d6cfa02ff3b2888a40bb9a7a01a
https://gitlab.com/kernel-firmware/linux-firmware/-/commit/3768c184de68a85b9df6697e7f93a2f61de90a99
