AMD warns of new Meltdown, Spectre-style flaws in desktop and server CPUs

In context: When they were first revealed in 2018, the Spectre and Meltdown CPU vulnerabilities primarily targeted Intel and some non-x86 processors. Now, AMD has identified new potential attack vectors that affect a wide range of its own CPUs, and they appear to be exclusive to AMD hardware.

AMD researchers have disclosed four new security vulnerabilities affecting the company's processors, warning that they could potentially be exploited through two distinct transient scheduler attacks.

According to AMD's advisory, these attacks involve the execution timing of x86 instructions under specific microarchitectural conditions. In practice, the flaws could be abused to leak sensitive data, similar to how Spectre and Meltdown operated in the past.

The vulnerabilities are tracked as CVE-2024-36350, CVE-2024-36357, CVE-2024-36348, and CVE-2024-36349. The first two are rated as "medium" severity, while the latter two are considered "low" severity. AMD emphasizes that these flaws pose limited risk, as they are ...