AMD Transient Scheduler Attacks
AMD ID: AMD-SB-7029
Potential Impact: Loss of Confidentiality
Severity: Medium
Summary
AMD discovered several transient scheduler attacks related to the execution timing of instructions under specific microarchitectural conditions while investigating a Microsoft® report titled “Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks”.
AMD has debugged these patterns and identified a speculative side channel affecting AMD CPUs . In some cases, an attacker may be able to use this timing information to infer data from other contexts, resulting in information leakage.
Please refer to Technical Guidance for Mitigating Transient Scheduler Attacks.pdf for additional information on these attacks.
CVE Details
Refer to Glossary for explanation of terms
| CVE | CVSS Severity | CVE Description |
| CVE-2024-36350 | 5.6 (Medium) AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. |
| CVE-2024-36357 | 5.6 (Medium) AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N | A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries. |
| CVE-2024-36348 | 3.8 (Low) AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP[3] feature is enabled, potentially resulting in information leakage. |
| CVE-2024-36349 | 3.8 (Low) AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage. |
Affected Products and Mitigation
AMD released to the Original Equipment Manufacturers (OEM) the Platform Initialization (PI) firmware versions on the target dates listed below. Please contact your OEM for the BIOS update specific to your product(s).
For mitigations requiring Operating System (OS) updates, AMD recommends consulting with your Operating System vendor’s documentation for information on how to enable the OS portion of the mitigation.
Data Center
AMD recommends updating to the Platform Initialization (PI) firmware versions indicated below.
1st Gen AMD EPYC™ Processors formerly codenamed "Naples"
| Code Name | CPUID | Mitigation |
| Naples | 0x00800F12 | |
| CVEs | Platform Initialization (PI) (Requires FW flash) |
|
| CVE-2024-36350 | 5.6 (Medium) | Not affected |
| CVE-2024-36357 | 5.6 (Medium) | Not affected |
| CVE-2024-36348 | 3.8 (Low) | Not affected |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
2nd Gen AMD EPYC™ Processors formerly codenamed "Rome"
| Code Name | CPUID | Mitigation |
| Rome | 0x00830F10h | |
| CVEs | Platform Initialization (PI) (Requires FW flash) |
|
| CVE-2024-36350 | 5.6 (Medium) | Not affected |
| CVE-2024-36357 | 5.6 (Medium) | Not affected |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
3rd Gen AMD EPYC™ Processors formerly codenamed “Milan" and “Milan-X”
Please Note: OS updates will also be required to mitigate these two vulnerabilities. Please refer to your OSV for additional information.
| Code Name | CPUID | Mitigation |
| Milan | 0x00A00F11 | Platform Initialization (PI) (Requires FW flash) |
| Milan-X | 0x00A00F12 | |
| Minimum firmware versions to mitigate listed CVEs below | MilanPI 1.0.0.G + OS Updates (2025-01-29) | |
| CVE-2024-36350 | 5.6 (Medium) | MilanPI 1.0.0.G + OS Updates (2025-01-29) |
| CVE-2024-36357 | 5.6 (Medium) | MilanPI 1.0.0.G + OS Updates (2025-01-29) |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
4th Gen AMD EPYC™ Processors formerly codenamed "Genoa", “Genoa-X”, “Bergamo”, and “Siena”
Please Note: OS updates will also be required to mitigate these two vulnerabilities. Please refer to your OSV for additional information.
| Code Name | CPUID | Mitigation |
| Genoa | 0x00A10F11 | Platform Initialization (PI) (Requires FW flash) |
| Genoa-X | 0x00A10F12 | |
| Bergamo/Siena | 0x00AA0F02 | |
| Minimum firmware versions to mitigate all listed CVEs | GenoaPI 1.0.0.E + OS (2024-12-16) | |
| CVE-2024-36350 | 5.6 (Medium) | GenoaPI 1.0.0.E + OS Updates (2024-12-16) |
| CVE-2024-36357 | 5.6 (Medium) | GenoaPI 1.0.0.E + OS Updates (2024-12-16) |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
4th Gen AMD EPYC™ Processors formerly codenamed "Raphael"
| Code Name | CPUID | Mitigation |
| Raphael | 0x00A60F12 | |
| CVEs | Platform Initialization (PI) (Requires FW flash) |
|
| CVE-2024-36350 | 5.6 (Medium) | Not affected |
| CVE-2024-36357 | 5.6 (Medium) | Not affected |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
Data Center Graphics
AMD recommends updating to the Platform Initialization (PI) firmware versions indicated below
Please Note: OS updates will be also required to mitigate these two vulnerabilities. Please refer to your OSV for additional information.
| CVE | AMD Instinct™ MI300A | |
| CVE-2024-36350 | 5.6 (Medium) | MI300PI 1.0.0.7 (2024-12-02) |
| CVE-2024-36357 | 5.6 (Medium) | MI300PI 1.0.0.7 (2024-12-02) |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
Client Processors
AMD recommends updating to the Platform Initialization (PI) firmware versions indicated below
Please Note: OS updates will be also required to mitigate these two vulnerabilities. Please refer to your OSV for additional information.
Desktop
| CVE | AMD Ryzen™ 5000 Series Desktop Processors (Formerly codenamed) “Vermeer” AM4 | AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics (Formerly codenamed) “Cezanne” AM4 | |
| CVE-2024-36350 | 5.6 (Medium) | ComboAM4v2PI 1.2.0.E + OS Updates (2025-01-22) | ComboAM4v2PI 1.2.0.E + OS Updates (2025-01-22) |
| CVE-2024-36357 | 5.6 (Medium) | ComboAM4v2PI 1.2.0.E + OS Updates (2025-01-22) | ComboAM4v2PI 1.2.0.E + OS Updates (2025-01-22) |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
| CVE | AMD Ryzen™ 3000 Series Desktop Processors (Formerly codenamed) “Matisse” AM4 | AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics (Formerly codenamed) “Picasso” AM4 | |
| CVE-2024-36350 | 5.6 (Medium) | Not affected | Not affected |
| CVE-2024-36357 | 5.6 (Medium) | Not affected | Not affected |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
| CVE | AMD Ryzen™ 7000 Series Desktop Processors (Formerly codenamed) “Raphael” X3D | AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics (Formerly codenamed) “Renoir” AM4 | AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics (Formerly codenamed) “Phoenix” AM5 | |
| CVE-2024-36350 | 5.6 (Medium) | ComboAM5PI 1.2.0.3 + OS Updates (2025-01-08) ComboAM5PI 1.0.0.a+ OS Updates (2025-01-14) ComboAM5PI 1.1.0.3c+ OS Updates (2025-01-27) | Not affected | ComboAM5PI 1.2.0.3 + OS Updates (2025-01-08) ComboAM5PI 1.1.0.3c+ OS Updates (2025-01-27) |
| CVE-2024-36357 | 5.6 (Medium) | ComboAM5PI 1.2.0.3 + OS Updates (2025-01-08) ComboAM5PI 1.0.0.a+ OS Updates (2025-01-14) ComboAM5PI 1.1.0.3c+ OS Updates (2025-01-27) | Not affected | ComboAM5PI 1.2.0.3 + OS Updates (2025-01-08) ComboAM5PI 1.1.0.3c+ OS Updates (2025-01-27) |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 | No fix planned2 | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
High End Desktop (HEDT)
| CVE | AMD Ryzen™ Threadripper™ 3000 Series Processors (Formerly codenamed) “Castle Peak” HEDT | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors (Formerly codenamed) “Storm Peak” | |
| CVE-2024-36350 | 5.6 (Medium) | Not affected | StormPeakPI-SP6 1.1.0.0i + OS Updates (2024-12-16) StormPeakPI-SP6 1.0.0.1k + OS Updates (2024-12-19) |
| CVE-2024-36357 | 5.6 (Medium) | Not affected | StormPeakPI-SP6 1.1.0.0i + OS Updates (2024-12-16) StormPeakPI-SP6 1.0.0.1k + OS Updates (2024-12-19) |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
Workstation
| CVE | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors (Formerly codenamed) “Castle Peak” WS SP3 |
AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors (Formerly codenamed) “Chagall” WS |
|
| CVE-2024-36350 | 5.6 (Medium) | Not affected | Not affected |
| CVE-2024-36357 | 5.6 (Medium) | Not affected | Not affected |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
Mobile - AMD Athlon™ Series Processors
| CVE | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Dali”/”Dali” FP5 | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Pollock” | |
| CVE-2024-36350 | 5.6 (Medium) | Not affected | Not affected |
| CVE-2024-36357 | 5.6 (Medium) | Not affected | Not affected |
| CVE-2024-36348 | 3.8 (Low) | Not affected | Not affected |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
Mobile - AMD Ryzen™ Series
| CVE | AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics (Formerly codenamed) “Picasso” FP5 | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Renoir” FP6 | |
| CVE-2024-36350 | 5.6 (Medium) | Not affected | Not affected |
| CVE-2024-36357 | 5.6 (Medium) | Not affected | Not affected |
| CVE-2024-36348 | 3.8 (Low) | Not affected | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
| CVE | AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics (Formerly codenamed) "Rembrandt" FP7 | AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics (Formerly codenamed) “Rembrandt R” | AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics (Formerly codenamed) “Barcelo” FP6 | AMD Ryzen™ 7000 Series Processors with Radeon™ Graphics (Formerly codenamed) “Barcelo R” FP6 | |
| CVE-2024-36350 | 5.6 (Medium) | RembrandtPI-FP7 1.0.0.Bb + OS Updates (2024-12-26) | RembrandtPI-FP7 1.0.0.Bb + OS Updates (2024-12-26) | CezannePI-FP6 1.0.1.1b + OS Updates (2024-12-27) | CezannePI-FP6 1.0.1.1b + OS Updates (2024-12-27) |
| CVE-2024-36357 | 5.6 (Medium) | RembrandtPI-FP7 1.0.0.Bb + OS Updates (2024-12-26) | RembrandtPI-FP7 1.0.0.Bb + OS Updates (2024-12-26) | CezannePI-FP6 1.0.1.1b + OS Updates (2024-12-27) | CezannePI-FP6 1.0.1.1b + OS Updates (2024-12-27) |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 | No fix planned2 | No fix planned2 | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
| CVE | AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics (Formerly codenamed) “Phoenix” FP7/FP7r2/FP8 | AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Hawk Point” FP7/FP7r2/FP8 |
AMD Ryzen™ 7000 Series Mobile Processors (Formerly codenamed) “Dragon Range” FL1 | |
| CVE-2024-36350 | 5.6 (Medium) | PhoenixPI-FP8-FP7 1.2.0.0 + OS Updates (2024-12-16) | PhoenixPI-FP8-FP7 1.2.0.0 + OS Updates (2024-12-16) | DragonRangeFL1 1.0.0.3g + OS Updates (2024-12-18) |
| CVE-2024-36357 | 5.6 (Medium) | PhoenixPI-FP8-FP7 1.2.0.0 + OS Updates (2024-12-16) | PhoenixPI-FP8-FP7 1.2.0.0 + OS Updates (2024-12-16) | DragonRangeFL1 1.0.0.3g + OS Updates (2024-12-18) |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 | No fix planned2 | Not affected |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
Embedded Processors
AMD recommends updating to the Platform Initialization (PI) firmware versions indicated below.
Please Note: OS updates will be also required to mitigate these two vulnerabilities. Please refer to your OSV.
| CVE | AMD EPYC™ Embedded 3000 | AMD EPYC™ Embedded 7002 | AMD EPYC™ Embedded 7003 | |
| CVE-2024-36350 | 5.6 (Medium) | Not affected | Not affected | EmbMilanPI-SP3 1.0.0.A (2024-12-19) |
| CVE-2024-36357 | 5.6 (Medium) | Not affected | Not affected | EmbMilanPI-SP3 1.0.0.A (2024-12-19) |
| CVE-2024-36348 | 3.8 (Low) | Not affected | No fix planned2 | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
| CVE | AMD EPYC™ Embedded 8004 | AMD EPYC™ Embedded 9004 | AMD EPYC™ Embedded 97X4 | |
| CVE-2024-36350 | 5.6 (Medium) | EmbeddedPhoenixPI-FP7r2_1.2.0.0 (2024-12-31) | EmbGenoaPI-SP5 1.0.0.9 (2024-12-23) | EmbGenoaPI-SP5 1.0.0.9 (2024-12-23) |
| CVE-2024-36357 | 5.6 (Medium) | EmbGenoaPI-SP5 1.0.0.9 (2024-12-23) | EmbGenoaPI-SP5 1.0.0.9 (2024-12-23) | EmbGenoaPI-SP5 1.0.0.9 (2024-12-23) |
| CVE-2024-36348 | 3.8 (Low) | No fix planned2 | No fix planned2 | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
| CVE | AMD Ryzen™ Embedded R1000 | AMD Ryzen™ Embedded R2000 | AMD Ryzen™ Embedded 5000 | AMD Ryzen™ Embedded 7000 | |
| CVE-2024-36350 | 5.6 (Medium) | Not affected | Not affected | EmbAM4PI 1.0.0.7 (2025-01-31) | EmbeddedAM5PI 1.0.0.3 (2025-01-31) |
| CVE-2024-36357 | 5.6 (Medium) | Not affected | Not affected | EmbAM4PI 1.0.0.7 (2025-01-31) | EmbeddedAM5PI 1.0.0.3 (2025-01-31) |
| CVE-2024-36348 | 3.8 (Low) | Not affected | Not affected | No fix planned2 | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive information
| CVE | AMD Ryzen™ Embedded V1000 | AMD Ryzen™ Embedded V2000 | AMD Ryzen™ Embedded V3000 | ||
| All V1000 OPNs excluding YE1500C4T4MFH | YE1500C4T4MFH | ||||
| CVE-2024-36350 | 5.6 (Medium) | Not affected | Not affected | Not affected | Embedded-PI_FP7r2 100C (2024-12-31) |
| CVE-2024-36357 | 5.6 (Medium) | Not affected | Not affected | Not affected | Embedded-PI_FP7r2 100C (2024-12-31) |
| CVE-2024-36348 | 3.8 (Low) | Not affected | Not affected | No fix planned2 | No fix planned2 |
| CVE-2024-36349 | 3.8 (Low) | No fix planned1 | No fix planned1 | No fix planned1 | No fix planned1 |
- Leakage of TSC_AUX does not result in leakage of sensitive information
- Leakage of CPU Configuration does not result in leakage of sensitive infom there.
Acknowledgement
AMD thanks Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos from Microsoft, and Flavien Solt from ETH Zurich for reporting these issues and engaging in coordinated vulnerability disclosure.
Revisions
| Revision Date | Description |
| 2025-07-08 | Initial publication |
DISCLAIMER
The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.
AMD, the AMD Arrow logo, EPYC, Radeon, Ryzen, Threadripper and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Microsoft is a registered trademark of Microsoft Corporation in the US and/or other countries. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies. Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD-PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.
© 2025 Advanced Micro Devices, Inc. All rights reserved.