AMD Warns of Transient Scheduler Attacks Affecting Wide Range of Chipsets

The vulnerabilities leverage timing-based side channels in AMD’s microarchitectural implementations, allowing attackers to infer sensitive information from system memory and processor states through carefully crafted speculative execution sequences. Advanced Micro Devices has disclosed a series of critical security vulnerabilities affecting multiple generations of its processor architectures, stemming from transient scheduler attacks that exploit speculative execution mechanisms. AMD analysts identified these transient execution vulnerabilities as capable of bypassing traditional security boundaries, potentially exposing privileged information across different execution contexts. The attack methodology centers on manipulating the processor’s speculative execution engine to create measurable timing differences that leak information about memory contents and system state. The impact spans across AMD’s extensive processor portfolio, including third and fourth-generation EPYC server processors, Ryzen desktop and mobile processors from the 5000 through 8000 series, Threadripper workstation processors, and various embedded computing platforms. The attacks target fundamental processor operations including store-to-load forwarding, L1 data cache interactions, and control register access mechanisms, creating opportunities for unauthorized data extraction. CVE-2024-36350 and CVE-2024-36357, both carrying CVSS scores of 5.6, represent the most severe vulnerabilities by enabling attackers to infer data from previous store operations and L1D cache contents respectively. The vulnerabilities require local access and specific microarchitectural conditions to trigger successfully, limiting their practical exploitation to scenarios where attackers already possess some level of system access. These attacks exploit the processor’s attempt to optimize performance through speculative execution, turning this efficiency mechanism into a security liability. The vulnerabilities, identified through four distinct Common Vulnerabilities and Exposures (CVE) entries, pose significant risks to data confidentiality across enterprise and consumer computing environments. Organizations must implement both firmware updates from original equipment manufacturers and corresponding operating system patches to achieve complete protection against these sophisticated microarchitectural attacks. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 11 Jul 2025 08:55:11 +0000

Cyber News related to AMD Warns of Transient Scheduler Attacks Affecting Wide Range of Chipsets

AMD Warns of Transient Scheduler Attacks Affecting Wide Range of Chipsets - The vulnerabilities leverage timing-based side channels in AMD’s microarchitectural implementations, allowing attackers to infer sensitive information from system memory and processor states through carefully crafted speculative execution ...
3 days ago Cybersecuritynews.com CVE-2024-36350

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

CVE-2022-49547 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between concurrent dio writes when low on free data space When reserving data space for a direct IO write we can end up deadlocking if we have multiple tasks ...
4 months ago Tenable.com

CVE-2024-27080 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago

MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets - Buffer underflow vulnerabilities (CVE-2025-20694 and CVE-2025-20695) in Bluetooth firmware present system crash risks classified as CWE-124, affecting extensive chipset ranges including MT2718, MT6639, MT6653, MT8113, MT8115, MT8127, MT8163, MT8168, ...
6 days ago Cybersecuritynews.com CVE-2025-20694

Fresh SLAM Attack Extracts Sensitive Data from AMD CPUs and Upcoming Intel Processors - Academic researchers have unveiled a novel side-channel attack named SLAM, designed to exploit hardware enhancements meant to bolster security in forthcoming CPUs from major manufacturers like Intel, AMD, and Arm. The attack aims to retrieve the root ...
1 year ago Cysecurity.news

CVE-2025-21702 - In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and ...
4 months ago Tenable.com

AMD CPU Signature Verification Vulnerability Let Attackers Load Malicious Microcode - However, the fact that Google’s researchers were able to successfully bypass AMD’s microcode signature verification highlights a potential weakness in the security architecture of modern processors that could have significant implications ...
3 months ago Cybersecuritynews.com CVE-2024-36347

SLAM Attack: New Vulnerability Targets Intel, AMD, Arm CPUs - In a groundbreaking revelation, researchers from Vrije Universiteit Amsterdam have uncovered a formidable side-channel attack known as SLAM, posing a serious threat to the security of current and future CPUs manufactured by tech giants Intel, AMD, ...
1 year ago Securityboulevard.com

CVE-2024-57975 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago

CVE-2019-19083 - Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in ...
4 years ago

Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day - Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. While eight remote code execution bugs were fixed, Microsoft only rated three ...
1 year ago Bleepingcomputer.com CVE-2023-20588

25 Best Cloud Service Providers (Public and Private) in 2025 - Oracle Cloud offers a variety of services, including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS), to help organizations build, deploy, and run applications in the cloud. Oracle Cloud is a cloud ...
2 months ago Cybersecuritynews.com

MediaTek Security Update - Patch for Vulnerabilities Affecting Smartphone, Tablet, & other Devices - The bulletin, published today, highlights significant security risks affecting a wide array of devices, including smartphones, tablets, IoT devices, smart displays, and various multimedia equipment. This security update exemplifies MediaTek’s ...
3 months ago Cybersecuritynews.com CVE-2025-20654

New SLAM attack steals sensitive data from AMD, future Intel CPUs - Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. SLAM is a transient ...
1 year ago Bleepingcomputer.com

CVE-2024-57976 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago

Qualcomm chip vulnerability enables remote attack by voice call - Qualcomm disclosed a critical vulnerability on New Year's Day that would allow remote attacks via malicious voice calls over LTE networks. The January 2024 security bulletin lists a total of 26 vulnerabilities, including four critical ...
1 year ago Packetstormsecurity.com CVE-2023-33025 CVE-2023-33036 CVE-2023-33030

Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk - Google is disputing a security vendor's report this week about an apparent design weakness in Google Workspace that puts users at risk of data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's ...
1 year ago Darkreading.com Hunters

AMD Ryzen DLL Hijacking Vulnerability Let Attackers Execute Arbitrary Code - Similar vulnerabilities have been reported in other AMD products, such as the AMD Integrated Management Technology (AIM-T) Manageability Service (CVE-2023-31361) and AMD μProf (CVE-2023-31348), highlighting the importance of secure library loading ...
5 months ago Cybersecuritynews.com CVE-2023-31361 CVE-2023-31348

CVE-2017-3537 - Vulnerability in the Oracle Real-Time Scheduler component of Oracle Utilities Applications (subcomponent: Mobile Communications Platform). Supported versions that are affected are 2.2.0.3.13, 2.3.0.0 and 2.3.0.1. Easily "exploitable" ...
5 years ago

CVE-2020-14735 - Vulnerability in the Scheduler component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with ...
4 years ago

MediaTek Warns of Multiple Vulnerabilities that let Attackers Escalate Privileges - The UAE Cyber Security Council recommends immediate network segmentation for critical infrastructure using affected chipsets and continuous monitoring for anomalous base station associations. The March 2025 Product Security Bulletin highlights three ...
4 months ago Cybersecuritynews.com CVE-2025-20644

CVE-2024-36877 - Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in ...
8 months ago

CVE-2020-9057 - Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay ...
3 years ago

CVE-2019-19082 - Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in ...
4 years ago