Subj : AMD warns worrying new Spectre, Meltdown-esque flaw could affect To : All From : TechnologyDaily Date : Thu Jul 10 2025 14:15:08 AMD warns worrying new Spectre, Meltdown-esque flaw could affect top CPUs - here's what we know Date: Thu, 10 Jul 2025 13:03:00 +0000 Description: Four low-level flaws can be chained together to pull data from the vulnerable devices, AMD warns. FULL STORY ======================================================================AMD finds four flaws, separately low in severity, but powerful when combined Together, they can be abused in information disclosure attacks The list of affected devices is rather extensive, so be on your guard AMD has discovered several security vulnerabilities affecting many of its chips can be chained together to create a concerning hack which could result in information disclosure. The four vulnerabilities are tracked as CVE-2024-36349 (3.8), CVE-2024-36348 (3.8), CVE-2024-36357 (5.6), and CVE-2024-36350 (5.6). Together, they can be used in a so-called Transient Scheduler Attack (TSA), a side-channel, or timing-based attack that likely exploits transient scheduling decisions made by the CPU scheduler to leak information. Since this is a side-channel attack that results in information disclosure, it is similar to the infamous Meltdown and Spectre flaws which dominated the security scene for months. Updating the systems Separately, the vulnerabilities were given relatively low severity scores, since the devices need to be compromised in advance, either by physical presence, or through malware, before they can be leveraged. Furthermore, the TSA would need to be executed many times before any meaningful data could be extracted. Here is how a theoretical attack would occur: A CPU expects load instructions to complete rather quickly. However, if there is a condition that prevents them from doing so, a false completion happens. Since the load didnt complete, the data from the load is forwarded to dependent operations, affecting the timing of the instructions the CPU executes - something the attackers can observe. The worst-case scenario is AMD chips leaking OS kernel information - but other applications or VMs could leak data as well. A patch is already available, and AMD advised system admins to update to the latest Windows versions as soon as possible. Those who are unable to install the patch quickly can implement a workaround involving a VERW instruction, but AMD has advised against it since it could reduce the performance of the system. In any case, the details about the mitigation can be found here . The full list of all affected chips, including EPYC, Ryzen, Instinct, Ahtlon, and others, can be found in AMDs advisory . Via The Register You might also like Intel still vulnerable to Spectre data-leak vulnerabilities, researchers say Intel and AMD chips are under attack from a new generation of Spectre threats We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/amd-uncovers-new-spectre-meltdown-esque -flaw-affecting-cpus-heres-what-we-know --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .