Description
Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality.
Published: 2026-05-13
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from improper enforcement of the LFENCE serialization property, which allows an attacker to bypass speculation barriers. This breach can enable the disclosure of sensitive information, leading to confidentiality compromise.

Affected Systems

The flaw affects various AMD processor families, including the EPYC 8004 and 9004 Series, EPYC Embedded 8004 and 9004 Series, Instinct MI300A Series, Ryzen 7000, 7040, 7045, 8000, 9000, Embedded 7000, Embedded 8000, and Z1 Series processors. Specific revision or microcode information is not provided in the announcement.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.7, indicating moderate risk. EPSS data is unavailable, and the issue is not listed in the CISA KEV catalog. While the precise attack vector is not detailed, the nature of speculation barrier bypass infers that exploitation may require privileged or local execution, possibly coupled with hardware or firmware access. Protection against this risk currently relies on applying the microcode updates recommended by AMD.

Generated by OpenCVE AI on May 13, 2026 at 04:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and apply the microcode update releases from AMD security bulletins SB-3030 and SB-4017 to all affected processor families.
  • Reboot each system to load the updated microcode and ensure the firmware uses the patched version.
  • Update the host firmware (BIOS/UEFI) to the latest compatible release that incorporates the corrected microcode, guaranteeing the microcode takes effect at boot.

Generated by OpenCVE AI on May 13, 2026 at 04:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Amd
Amd epyc 4004 Series Processors
Amd epyc 8004 Series Processors
Amd epyc 9004 Series Processors
Amd epyc Embedded 8004 Series Processors
Amd epyc Embedded 9004 Series Processors
Amd instinct Mi300a Series Processors
Amd ryzen 7000 Series Desktop Processors
Amd ryzen 7040 Series Mobile Processors With Radeon Graphics
Amd ryzen 7045 Series Mobile Processors With Radeon Graphics
Amd ryzen 8000 Series Desktop Processors
Amd ryzen 9000 Series Desktop Processors
Amd ryzen Embedded 7000 Series Processors
Amd ryzen Embedded 8000 Series Processors
Amd ryzen Z1 Series Processors
Vendors & Products Amd
Amd epyc 4004 Series Processors
Amd epyc 8004 Series Processors
Amd epyc 9004 Series Processors
Amd epyc Embedded 8004 Series Processors
Amd epyc Embedded 9004 Series Processors
Amd instinct Mi300a Series Processors
Amd ryzen 7000 Series Desktop Processors
Amd ryzen 7040 Series Mobile Processors With Radeon Graphics
Amd ryzen 7045 Series Mobile Processors With Radeon Graphics
Amd ryzen 8000 Series Desktop Processors
Amd ryzen 9000 Series Desktop Processors
Amd ryzen Embedded 7000 Series Processors
Amd ryzen Embedded 8000 Series Processors
Amd ryzen Z1 Series Processors

Wed, 13 May 2026 05:15:00 +0000

Type Values Removed Values Added
Title Speculative Execution Bypass via Improper LFENCE Enforcement Leading to Potential Data Disclosure

Wed, 13 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality.
Weaknesses CWE-693
References
Metrics cvssV4_0

{'score': 5.7, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Amd Epyc 4004 Series Processors Epyc 8004 Series Processors Epyc 9004 Series Processors Epyc Embedded 8004 Series Processors Epyc Embedded 9004 Series Processors Instinct Mi300a Series Processors Ryzen 7000 Series Desktop Processors Ryzen 7040 Series Mobile Processors With Radeon Graphics Ryzen 7045 Series Mobile Processors With Radeon Graphics Ryzen 8000 Series Desktop Processors Ryzen 9000 Series Desktop Processors Ryzen Embedded 7000 Series Processors Ryzen Embedded 8000 Series Processors Ryzen Z1 Series Processors
cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-05-13T14:36:26.409Z

Reserved: 2024-05-23T19:44:32.297Z

Link: CVE-2024-36315

cve-icon Vulnrichment

Updated: 2026-05-13T14:36:23.132Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T04:16:43.977

Modified: 2026-05-13T14:49:11.830

Link: CVE-2024-36315

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:34:56Z

Weaknesses