CVE-2024-36357
5.6
MEDIUM
CVSS 3.1
EPSS 0.10%
Description
A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
How to fix CVE-2024-36357
To remediate CVE-2024-36357, upgrade the affected package to a fixed version below.
- Alpine/xen—upgrade to 4.18.5-r1 or later
- Debian/amd64-microcode—no fix listed
- —upgrade to 5.10.244-1 or later
- —upgrade to 6.1.153-1~deb11u1 or later
- —no fix listed
Is CVE-2024-36357 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 4.18.5-r1
- from 0
- from 0, < 5.10.244-1
- from 0, < 6.1.153-1~deb11u1
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |