CVE-2024-36315

Severity CVSS v4.0:

MEDIUM

Type:

CWE-693 Protection Mechanism Failure

Publication date:

13/05/2026

Last modified:

13/05/2026

Description

Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality.

Impact

Vector 4.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 5.70 MEDIUM
Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Attack Vector (AV): Local
Attack Complexity (AC): High
Attack Requirements (AT): Present
Privileges Required (PR): Low
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): None
Availability (VA): None
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None

Base Score 4.0

5.70

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html