Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.
Analysis
A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.
Technical ContextAI
Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls.
RemediationAI
Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.
Same technique Information Disclosure
View allVendor StatusVendor
Ubuntu
Priority: Low| Release | Status | Version |
|---|---|---|
| plucky | ignored | end of life, was deferred [2025-07-10] |
| bionic | not-affected | see Notes |
| focal | not-affected | see Notes |
| jammy | not-affected | see Notes |
| noble | not-affected | see Notes |
| trusty | not-affected | see Notes |
| upstream | needs-triage | - |
| xenial | not-affected | see Notes |
| oracular | ignored | end of life, was deferred [2025-07-10] |
| questing | not-affected | see Notes |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye/non-free | vulnerable | 3.20240820.1~deb11u1 | - |
| bullseye/non-free (security) | vulnerable | 3.20250311.1~deb11u1 | - |
| bookworm/non-free-firmware | vulnerable | 3.20250311.1~deb12u1 | - |
| bookworm/non-free-firmware (security) | vulnerable | 3.20230719.1~deb12u1 | - |
| trixie/non-free-firmware | vulnerable | 3.20250311.1 | - |
| forky/non-free-firmware, sid/non-free-firmware | vulnerable | 3.20251202.1 | - |
| (unstable) | fixed | (unfixed) | unimportant |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-54761