# AMD Warns of New Spectre and Meltdown-esque Flaw: What You Need to Know
AMD has issued a warning about a new security vulnerability that could affect its top CPUs, similar to the infamous Meltdown and Spectre flaws that dominated the security scene for months. The four vulnerabilities, tracked as CVE-2024-36349 (3.8), CVE-2024-36348 (3.8), CVE-2024-36357 (5.6), and CVE-2024-36350 (5.6), can be chained together to create a concerning hack that could result in information disclosure.
## What is the Transient Scheduler Attack (TSA)?
The four vulnerabilities are part of a side-channel, or timing-based attack known as the Transient Scheduler Attack (TSA). This attack exploits transient scheduling decisions made by the CPU scheduler to leak information. The TSA works by manipulating the timing of instructions executed by the CPU, allowing attackers to observe the data being forwarded from load operations.
## How Does the Attack Work?
In a typical scenario, a CPU expects load instructions to complete quickly. However, if there is a condition that prevents them from doing so, a "false completion" occurs. Since the load didn't complete, the data from the load is forwarded to dependent operations, affecting the timing of the instructions executed by the CPU - something attackers can observe.
## The Risks
The worst-case scenario is that AMD chips leak OS kernel information, but other applications or VMs could also leak data. The severity of this vulnerability is relatively low because devices need to be compromised in advance, either by physical presence or through malware, before they can be leveraged.
## What Can Be Done?
A patch is already available for AMD's affected CPUs. System administrators are advised to update to the latest Windows versions as soon as possible. However, those who are unable to install the patch quickly may implement a workaround involving a VERW instruction, but AMD has warned against it since it could reduce system performance.
## What Chips Are Affected?
The full list of all affected chips, including EPYC, Ryzen, Instinct, Ahtlon, and others, can be found in AMD's advisory. To stay safe, system administrators should take immediate action to update their systems with the latest patches.
Stay informed about the latest security updates and patches by following TechRadar Pro's top news, opinion, features, and guidance for your business needs.