AMD warns of new vulnerabilities similar to Meltdown and Spectre in desktop and server CPUs

AMD identifies four processor vulnerabilities; patch recommended despite low exploitation risk.

AMD has discovered four novel vulnerabilities similar to the notorious Meltdown and Spectre bugs that previously affected Intel CPUs. These newly identified flaws are exclusive to AMD hardware and involve transient execution attacks targeting execution timing under particular microarchitectural conditions. Though considered complex to exploit and requiring physical access, these vulnerabilities span several AMD processors, including EPYC, Ryzen, and Athlon. AMD has initiated firmware updates for critical vulnerabilities and anticipates further patches from Microsoft to fully mitigate these threats.

In July 2025, AMD announced the discovery of four security vulnerabilities similar to the Meltdown and Spectre flaws, which had primarily targeted Intel CPUs in the past. This new set of vulnerabilities is exclusive to AMD processors and involves transient scheduler attacks on the execution timing of x86 instructions under specific microarchitectural conditions. The identified flaws are tracked as CVE-2024-36350 and CVE-2024-36357 (both rated 'medium' severity) and CVE-2024-36348 and CVE-2024-36349 (both rated 'low' severity). They have the potential to leak sensitive data, although exploitation is reportedly complex and requires local access to the affected system.

AMD downplays the severity of these vulnerabilities, suggesting that they pose a limited risk due to the difficulty of remote exploitation. Experts differ in their assessments, but AMD maintains that these flaws can only be triggered through a malicious application or virtual machine running on a physical device. Despite the limited risk, the breadth of affected hardware, including EPYC, Ryzen, Instinct, and older Athlon processors, could concern users across both consumer and enterprise sectors. Mitigations involve a combination of microcode updates and patches from operating system vendors.

The company has already released firmware updates to its OEM partners addressing the vulnerabilities rated as 'medium' severity, while patches for the 'low' severity vulnerabilities remain unplanned. In conjunction with these efforts, AMD is working with operating system vendors, especially Microsoft, to ensure comprehensive mitigation. Microsoft has issued related updates, reinforcing AMD's efforts by patching relevant microarchitectural leaks and helping to secure affected systems.

Among the recommended mitigation strategies is frequent execution of the VERR and VERW instructions, which may impact performance. AMD has urged system administrators to evaluate their systems and environments before implementing this specific strategy. The overall goal is to minimize potential exposure while maintaining optimal system performance.

More detailed discussions and relevant updates from AMD and third-party security bodies offer users guidance on how to manage these vulnerabilities effectively. Readers interested in further information or firmware updates can consult AMD's dedicated security resources and the expected updates from Microsoft to continue safeguarding their systems against these newly discovered threats.

Sources: TechSpot, AMD, The Register, Microsoft