Critical AMD Processor Vulnerability, CVE-2025-36357, Exposes Systems to Data Theft: A Comprehensive Guide to Protection

A critical vulnerability, identified as CVE-2025-36357, has been discovered in a wide range of AMD processors, posing a significant security risk to users worldwide. This flaw, disclosed in early July 2025, allows attackers to potentially steal sensitive data from affected systems. This article provides a detailed overview of the vulnerability, its potential impact, and the essential steps to mitigate the threat.

Understanding the Threat: A "Transient Scheduler Attack"

CVE-2025-36357 is a "Transient Scheduler Attack." It specifically targets the L1 Data Queue, a small, fast memory cache within the processor. It is a form of side-channel attack that exploits a feature in modern processors called "speculative execution."

Speculative execution is a performance-enhancing technique where the processor predicts and executes instructions before they are certain to be needed. In the case of CVE-2025-36357, an attacker can manipulate the processor's scheduler, leading to the speculative execution of instructions that access sensitive data. Although these speculative operations are ultimately discarded, they can leave behind subtle traces, or "side channels," that a skilled attacker can analyze to reconstruct the confidential information.

This vulnerability is part of a broader class of attacks called "Transient Scheduler Attacks" (TSA), which also includes a related flaw, CVE-2025-36350, affecting the processor's Store Queue. Both vulnerabilities could allow a local attacker with low privileges to access sensitive information without any user interaction.

Which AMD Processors Are Affected?

The vulnerability impacts a broad spectrum of AMD's processor lineup, including server, desktop, and mobile CPUs. According to AMD's security bulletin, AMD-SB-7029, the affected processor families include:

  • EPYC™ Processors: Including Naples, Rome, Milan, and Genoa series.
  • Ryzen™ Processors: Including the 3000, 5000, and 7000 series for both desktop and mobile.
  • Athlon™ Processors: Including select models.
  • Threadripper™ Processors: Certain models are also affected.

For a complete and detailed list of affected models, users should refer to the official AMD Security Bulletin.

How to Protect Your System: A Two-Pronged Approach

Mitigating CVE-2025-36357 requires a combination of updates from both your system's manufacturer and your operating system vendor.

1. Firmware and Microcode Updates: AMD has released updated microcode to its hardware partners, such as motherboard manufacturers and original equipment manufacturers (OEMs). These updates are delivered through BIOS or UEFI firmware updates. Users should check the support section of their computer or motherboard manufacturer's website for the latest firmware releases.

2. Operating System Patches: Operating system vendors have also released patches to address this vulnerability.

  • For Windows Users: Microsoft has included mitigations in its July 2025 Patch Tuesday security updates. Ensuring your Windows system is up to date is a critical step in protecting against this threat.
  • For Linux Users: The Linux kernel has also been updated to include mitigations for Transient Scheduler Attacks. Users should update their Linux distributions to the latest available kernel version.

It is crucial to apply both firmware and operating system updates to be fully protected.
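
On Linux, the two prongs can be checked separately from the kernel's own vulnerability report. The script below is an added example, not part of the AMD bulletin or any vendor tool; it assumes the status file is named tsa under /sys/devices/system/cpu/vulnerabilities and that its text follows the upstream kernel's "Mitigation:" / "Vulnerable" / "Not affected" wording, and the state names it prints are made up for this example.

```shell
#!/bin/sh
# Added example: classify the kernel's reported TSA mitigation state.
# Assumption: the status file is <dir>/tsa under
# /sys/devices/system/cpu/vulnerabilities; its text is matched by prefix.

tsa_status() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    file="$dir/tsa"

    # No status file: this kernel predates the TSA mitigation code.
    if [ ! -r "$file" ]; then
        echo "kernel-update-needed"
        return 0
    fi

    status=$(cat "$file")
    case "$status" in
        "Not affected"*)             echo "not-affected" ;;
        "Mitigation:"*)              echo "mitigated" ;;
        # Kernel is patched, but the CPU is not running the updated microcode.
        "Vulnerable: No microcode"*) echo "firmware-update-needed" ;;
        # Kernel knows about TSA but reports no active mitigation.
        "Vulnerable"*)               echo "vulnerable" ;;
        *)                           echo "unknown" ;;
    esac
}

tsa_report() {
    state=$(tsa_status "${1:-}")
    # Record the running microcode revision for the patch inventory, if exposed.
    ucode=$(grep -m1 '^microcode' /proc/cpuinfo 2>/dev/null || true)
    echo "TSA state: $state"
    echo "Microcode: ${ucode:-not reported}"
    case "$state" in
        kernel-update-needed)   echo "Action: install the distribution's patched kernel" ;;
        firmware-update-needed) echo "Action: install the vendor BIOS/UEFI (microcode) update" ;;
        vulnerable)             echo "Action: check kernel boot parameters for a disabled mitigation" ;;
        mitigated|not-affected) echo "Action: none" ;;
        *)                      echo "Action: inspect the status file manually" ;;
    esac
}

tsa_report "${1:-}"
```
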

The Broader Context: A Look at Processor Security

The discovery of CVE-2025-36357 highlights the ongoing challenge of securing modern processors that rely on complex performance-enhancing techniques like speculative execution. This is not a problem unique to AMD.

Intel, AMD's primary competitor, has also faced a series of significant vulnerabilities related to speculative execution, most notably the "Meltdown" and "Spectre" flaws discovered in 2018. More recently, in May 2025, researchers disclosed new vulnerabilities in Intel CPUs, including "Branch Privilege Injection" (CVE-2024-45332) and "Training Solo," which also exploit side channels in the processor's architecture.

Both companies are in a continuous race to identify and patch these low-level hardware vulnerabilities. The coordinated disclosure and mitigation efforts between chip manufacturers like AMD and operating system vendors like Microsoft are essential in protecting users from these sophisticated threats.

Conclusion: Vigilance is Key

CVE-2025-36357 is a serious vulnerability that requires immediate attention from users of affected AMD processors. By promptly applying the latest firmware and operating system updates, users can significantly reduce their risk of falling victim to data theft. This incident also serves as a reminder of the complex and evolving landscape of cybersecurity, where the very hardware that powers our digital lives can also be a source of potential risk. Staying informed about security alerts and maintaining a diligent patching schedule are fundamental best practices for all computer users.