AMD Discloses Vulnerabilities: New Processor Flaws Leak Sensitive Data via Speculative Side Channels
AMD has disclosed a new class of processor vulnerabilities, dubbed Transient Scheduler Attacks (TSA). These attacks exploit speculative side channels that arise under specific microarchitectural conditions and can leak sensitive information. The vulnerabilities affect a broad range of AMD processors, including server, desktop, mobile and embedded parts.
The flaws were identified in a collaborative study by Microsoft researchers and ETH Zurich (the Swiss Federal Institute of Technology in Zurich) that assessed how well modern CPUs withstand speculative-execution attacks. The testing focused on whether isolation holds across security domains, such as between user processes, the operating system kernel, and virtual machines and their hypervisor. The investigation identified four distinct vulnerabilities, assigned the following CVE identifiers:
- CVE-2024-36350 (CVSS 5.6): May allow an attacker to retrieve data from previous store operations, potentially leaking privileged information.
- CVE-2024-36357 (CVSS 5.6): May allow an attacker to read L1D cache contents across privilege boundaries.
- CVE-2024-36348 (CVSS 3.8): May allow a user process to speculatively infer the contents of control registers even when User-Mode Instruction Prevention (UMIP) is enabled.
- CVE-2024-36349 (CVSS 3.8): May allow a user process to infer the value of the TSC_AUX register even when reading it has been disabled.
AMD classifies TSA as a novel category of speculative side-channel attack and notes that it is unrelated to previously known mechanisms such as Predictive Store Forwarding (PSF). The root cause is a false (spurious) load completion: the processor wrongly signals that a data load has completed and schedules the operations that depend on it before the data is actually available. Those dependent operations do not receive the real data, but whether they executed still alters the timing of subsequent instructions, and an attacker who measures that timing can infer the value the load would have returned.
AMD identifies two TSA variants: TSA-L1 and TSA-SQ. TSA-L1 exploits mishandling of the L1 data cache microtags used during lookup, while TSA-SQ arises when a load prematurely consumes data from the store queue before that data has been finalized. In both cases an unprivileged process can infer information belonging to a protected domain, whether that is the operating system kernel, hypervisor memory, or another user's data.
In the worst case these attacks cross privilege boundaries: an application may read OS kernel data, a guest virtual machine may read hypervisor data, or one user process may read another's. Successful exploitation, however, requires running attacker-controlled code on the vulnerable machine and repeatedly invoking the victim code, which rules out drive-by attacks through a browser or ordinary web content.
The affected devices include third- and fourth-generation AMD EPYC processors, the AMD Instinct MI300A accelerator, and Ryzen desktop and mobile CPUs from the 5000, 6000, 7000, 7035, 7040, 8000, and 8040 series. The vulnerabilities also impact Ryzen Threadripper PRO 7000 WX parts and the EPYC Embedded and Ryzen Embedded lines.
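The advisory lists affected parts by family, but what an operator actually needs to know is whether a given host reports itself as mitigated. The following shell function is an added example, not part of AMD's disclosure or of the research it describes, and it rests on assumptions outside this page: that the Linux kernel exposes the TSA mitigation state at /sys/devices/system/cpu/vulnerabilities/tsa, as recent kernels do (older kernels simply lack the file), and that the file uses the same "Not affected" / "Mitigation: ..." / "Vulnerable..." wording as the kernel's other vulnerability entries. A missing file is reported as "unknown" rather than as safe, because an unpatched kernel on an affected CPU is silent, not secure. The optional root argument exists only so the check can be exercised against a mounted image or a constructed directory tree.

```shell
#!/bin/sh
# Added example (not AMD's or the researchers' code): report the kernel's view of
# TSA mitigation on this host. Assumptions: the sysfs entry name "tsa" and the
# status wording follow the Linux vulnerabilities/ convention; /proc/cpuinfo
# carries "model name" and "microcode" lines as on x86 Linux.
#
# tsa_status [ROOT]  -> exit 0 mitigated or not affected, 1 vulnerable, 2 unknown
# Usage: source this file and call "tsa_status", or append 'tsa_status "$@"' to
# run it as a script; pass a ROOT such as /mnt/img to inspect an offline root.
tsa_status() {
    root="${1:-}"
    vuln_file="$root/sys/devices/system/cpu/vulnerabilities/tsa"
    cpuinfo="$root/proc/cpuinfo"

    # Identify the part and the microcode revision the kernel loaded; both matter,
    # since the hardware fix ships as a firmware/microcode update.
    model=$(sed -n 's/^model name[^:]*: *//p' "$cpuinfo" 2>/dev/null | head -n 1)
    ucode=$(sed -n 's/^microcode[^:]*: *//p' "$cpuinfo" 2>/dev/null | head -n 1)
    echo "cpu: ${model:-unknown} (microcode ${ucode:-unknown})"

    # No sysfs entry means the kernel has no TSA mitigation code at all; it cannot
    # have applied one, so say "unknown" and let the caller treat it as exposed.
    if [ ! -r "$vuln_file" ]; then
        echo "tsa: unknown (no $vuln_file; kernel lacks TSA support, assume unmitigated)"
        return 2
    fi

    status=$(cat "$vuln_file")
    echo "tsa: $status"
    case "$status" in
        "Not affected"|Mitigation:*) return 0 ;;   # kernel reports the host as safe
        *)                           return 1 ;;   # "Vulnerable: ..." or anything unexpected
    esac
}
```

Fleet-wide, the exit status is the useful part: anything other than 0 (including the "unknown" case) should be scheduled for a firmware plus kernel update, and a "Vulnerable" line that mentions missing microcode means the OS side is patched but the firmware is not.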
AMD stresses that an attacker must be able to trigger the victim code repeatedly so that the false completion occurs often enough to be observed. That is only plausible where an interaction channel between attacker and target already exists, such as a user-space application making system calls into the operating system kernel, or a guest virtual machine repeatedly calling into its hypervisor.