AMD has recognized two distinct assault variants that enterprises should perceive. TSA-L1 assaults goal errors in how the L1 cache handles microtag lookups, probably inflicting incorrect knowledge loading that attackers can detect. TSA-SQ assaults happen when load directions erroneously retrieve knowledge from the shop queue when required knowledge isn’t obtainable, probably permitting inference of delicate info from beforehand executed operations, the bulletin added.
The scope of affected methods presents important challenges for enterprise patch administration groups. Susceptible processors embody third and 4th era EPYC processors powering cloud and on-premises knowledge middle infrastructure, Ryzen collection processors deployed throughout company workstation environments, and enterprise cell processors supporting distant and hybrid work preparations.
CrowdStrike elevates menace classification regardless of CVSS scores
Whereas AMD charges the vulnerabilities as medium and low severity primarily based on assault complexity necessities, CrowdStrike has independently categorised them as crucial enterprise threats. The security agency particularly flagged CVE-2025-36350 and CVE-2025-36357 as “Essential info disclosure vulnerabilities in AMD processors,” regardless of each carrying CVSS scores of simply 5.6.
