{"id":"USN-7848-1","summary":"amd64-microcode vulnerabilities","details":"Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,\nand Flavien Solt discovered that some AMD processors may allow an attacker\nto infer data from previous stores. A local attacker could possibly use\nthis issue to expose sensitive information. This update provides the\nupdated microcode mitigations required for the corresponding Linux kernel\nupdate.","modified":"2026-02-04T03:42:55.534794Z","published":"2025-10-29T19:51:21.182337Z","related":["UBUNTU-CVE-2024-36350","UBUNTU-CVE-2024-36357"],"upstream":["CVE-2024-36350","CVE-2024-36357","UBUNTU-CVE-2024-36350","UBUNTU-CVE-2024-36357"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7848-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-36350"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-36357"}],"affected":[{"package":{"name":"amd64-microcode","ecosystem":"Ubuntu:25.04","purl":"pkg:deb/ubuntu/amd64-microcode@3.20250708.0ubuntu0.25.04.2?arch=source&distro=plucky"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20250708.0ubuntu0.25.04.2"}]}],"versions":["3.20240116.2+nmu1ubuntu1","3.20240116.2+nmu1ubuntu1.1","3.20240820.1ubuntu1","3.20250311.1ubuntu0.25.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.20250708.0ubuntu0.25.04.2","binary_name":"amd64-microcode"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:25.04","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-36350"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-36357"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7848-1.json"}}],"schema_version":"1.7.3"}