CVE-2024-36349 in EPYC 7002 Processors
Summary
by MITRE • 07/08/2025
A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 02/20/2026
This vulnerability represents a transient execution flaw affecting certain AMD processor implementations that enables unauthorized information disclosure through improper control of the Time Stamp Counter Auxiliary register. The issue stems from the processor's handling of the TSC_AUX register during transient execution phases, where the system fails to properly enforce access controls that should prevent user processes from reading this register when access has been explicitly disabled. The vulnerability operates at the microarchitectural level, exploiting the temporal nature of transient execution to bypass normal privilege checks and access control mechanisms.
The technical implementation involves the processor's ability to execute instructions speculatively before the actual execution phase completes, during which time the TSC_AUX register remains accessible even when it should be protected. This occurs because the processor's microcode fails to properly validate access permissions during the speculative execution window, allowing malicious user processes to infer the contents of TSC_AUX through side-channel analysis techniques. The vulnerability specifically impacts processors that implement the TSC_AUX register functionality while maintaining the transient execution behavior, creating a window where the register's contents can be indirectly accessed through timing attacks or other transient execution-based inference methods.
From an operational perspective, this vulnerability presents significant security implications for systems relying on TSC_AUX for privileged operations or system state management. The information leakage could potentially expose sensitive timing information that might be used to infer system state, process information, or even cryptographic key material. Attackers could leverage this vulnerability to perform sophisticated side-channel attacks that would normally be prevented by proper access controls. The transient nature of the vulnerability means that traditional mitigation approaches such as kernel-level access control checks may not be sufficient to prevent exploitation, as the vulnerability occurs at the processor microarchitectural level.
The vulnerability aligns with CWE-200, which covers "Information Exposure," and represents a specific instance of information leakage through transient execution mechanisms. It also relates to ATT&CK technique T1059.003, "Command and Scripting Interpreter: Windows Command Shell," as attackers might use the leaked information to refine their attacks or establish more sophisticated exploitation strategies. Mitigation strategies should include firmware updates from AMD that address the microarchitectural behavior, kernel-level protections to prevent user processes from accessing TSC_AUX when disabled, and potential hardware-based solutions such as enabling enhanced security features or disabling specific processor capabilities that contribute to the vulnerability. Organizations should also implement monitoring for unusual timing patterns that might indicate exploitation attempts and consider architectural changes to their security models to account for transient execution threats.