AMD processors & SUSE Xen: transient execution side-channel information leakage and Xen hypervisor DoS (CVE-2024-36350)
Summary
Welcome to our security podcast. Today we’re discussing CVE-2024-36350, a transient execution vulnerability disclosed by AMD in mid-2025. This flaw could allow an attacker to infer data from previous stores on a range of EPYC and Ryzen processors, potentially leaking privileged information. We’ll also touch on the related SUSE Linux Xen security update that addresses a denial-of-service issue under the same CVE identifier.
Product details
AMD has confirmed the issue affects multiple product lines including: EPYC 7003, 8004, 9004 series; Ryzen 5000, 6000, 7000, 8000, 8040 series desktop, mobile and embedded processors; and Threadripper PRO 7000 WX. All require updated PI microcode (versions such as MilanPI 1.0.0.G, GenoaPI 1.0.0.E, ComboAM5PI 1.2.0.3, StormPeakPI-SP6 1.1.0.0i, etc.) plus the latest OS patches. Separately, SUSE Linux Enterprise has released Xen Important Security Update 2025:02325-1, which addresses a denial-of-service vulnerability tracked as CVE-2024-36350 in the Xen hypervisor package.
Vulnerability type summary
CVE-2024-36350 is classified under CWE-1421: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution. In essence, it’s a Spectre-style issue where speculative execution over shared CPU resources can leak data across protection boundaries.
Details of the vulnerability
Under certain workloads, an attacker running unprivileged code can trigger speculative instructions that infer the contents of recently stored data before architectural checks complete. By carefully measuring timing or cache side-channels, they can reconstruct bits of privileged memory. AMD’s microcode fixes adjust the CPU’s speculation behavior and flush internal buffers at the right times to block this inference channel. Meanwhile, SUSE’s Xen patch prevents a crash scenario in the hypervisor when handling malformed guest memory operations, closing a separate DoS vector under the same CVE tag.
Conclusion
To protect your systems, apply the latest AMD microcode updates for your processor family and install all relevant OS and BIOS patches. SUSE Linux users should update the Xen package to version 2025:02325-1 or later. While performance impacts vary by workload, these mitigations are critical to prevent data leakage and service interruptions. Stay current with vendor advisories and maintain a robust patch management program.
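A host-side check for the remediation above, as an added example that is not from AMD, SUSE or the original page: it reads /proc/cpuinfo-style text plus the kernel's mitigation status and returns a triage verdict per host. It assumes the affected parts report cpu family 25 and that the kernel exposes the status at /sys/devices/system/cpu/vulnerabilities/tsa; the sample CPU data and microcode revisions are constructed.

```python
import re
from pathlib import Path

AMD_FAMILY_19H = 25  # assumption: affected Zen 3 / Zen 4 parts report cpu family 25
TSA_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/tsa")  # assumed sysfs path

# Constructed sample: two logical CPUs whose microcode revisions differ.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 25
microcode\t: 0x1111111

processor\t: 1
vendor_id\t: AuthenticAMD
cpu family\t: 25
microcode\t: 0x2222222
"""

def parse_cpuinfo(text):
    """Return one dict of fields per logical CPU block."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        cpus.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return [c for c in cpus if c]

def triage(cpuinfo_text, sysfs_status):
    """Return (verdict, sorted microcode revisions) for one host."""
    scope = [c for c in parse_cpuinfo(cpuinfo_text)
             if c.get("vendor_id") == "AuthenticAMD"
             and c.get("cpu family") == str(AMD_FAMILY_19H)]
    if not scope:
        return "not-in-scope", []
    revs = sorted({c.get("microcode", "unknown") for c in scope})
    status = (sysfs_status or "").strip().lower()
    if len(revs) > 1:
        return "mixed-microcode", revs  # update did not reach every core
    if not status:
        return "kernel-does-not-report", revs  # kernel predates the sysfs entry
    if status.startswith(("mitigation", "not affected")):
        return "ok", revs
    if "microcode" in status:
        return "needs-microcode", revs  # OS patched, firmware/microcode missing
    return "vulnerable", revs

if __name__ == "__main__":
    live = TSA_SYSFS.read_text() if TSA_SYSFS.exists() else ""
    print(triage(Path("/proc/cpuinfo").read_text(), live))
```

A "needs-microcode" verdict means the OS patch is present but the firmware or microcode update is not, which is why the conclusion above asks for both.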
Remediation and exploitation details
This chain involves the following actors
- Unprivileged Guest Code: Attacker
- System Administrator: Defender
The following systems are involved
- AMD EPYC 7003/8004/9004/9V64H Processors (Server central processing unit): Vulnerable hardware
- AMD Ryzen 5000/6000/7000/8000/7035/8040 Series (Desktop, mobile and embedded central processing unit): Vulnerable hardware
- AMD Threadripper PRO 7000 WX Series (High-end workstation central processing unit): Vulnerable hardware
- Xen Hypervisor on SUSE Linux (Virtual machine manager): Vulnerable software
Attack entry point
- User-space Code Execution: Attacker runs unprivileged code inside a virtual machine or user process on the target platform.
- Hypercall Interface: Attacker invokes hypercalls from a guest virtual machine to the Xen hypervisor.
Remediation actions
Exploitation actions
Transient execution side-channel using store-forwarding mistraining
- 1. Flush a cache line to prepare a clean timing channel.
- 2. Execute a sequence of store instructions to mistrain the store-to-load dependency predictor.
- 3. Issue a load from a privileged or protected memory address speculatively, bypassing normal access checks.
- 4. Perform a timing measurement on the cache to detect which cache line was loaded speculatively.
- 5. Correlate timing results with memory addresses to reconstruct bytes of privileged data.
- 6. Repeat across address ranges to recover larger data structures.
Malformed hypercall triggering error path
- 1. Craft a hypercall with out-of-range or unexpected arguments.
- 2. Deliver the hypercall repeatedly from the guest virtual machine.
- 3. Drive the hypervisor into a panic state or infinite error loop.
- 4. Observe crash or hang of the host managing multiple virtual machines.
Related Content
NOTE: The following related content has not been vetted and may be unsafe.
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html
- [2025-07-16] SUSE Linux: Xen Important Security Update 2025:02325-1 CVE-2024-36350 DoS
- [2025-07-16] SUSE releases important security advisories for Xen vulnerabilities CVE-2024-28956 and CVE-2024-36350.
- [2025-07-08] AMD disclosed a vulnerability in various EPYC and Ryzen processors that could lead to information disclosure if exploited.