AMD has identified two distinct attack variants that enterprises must understand. TSA-L1 attacks target errors in how the L1 cache handles microtag lookups, potentially causing incorrect data loading that attackers can detect. TSA-SQ attacks occur when load instructions erroneously retrieve data from the store queue when required data isn’t available, potentially allowing inference of sensitive information from previously executed operations, the bulletin added.
The scope of affected systems presents significant challenges for enterprise patch management teams. Vulnerable processors include 3rd and 4th generation EPYC processors powering cloud and on-premises data center infrastructure, Ryzen series processors deployed across corporate workstation environments, and enterprise mobile processors supporting remote and hybrid work arrangements.
CrowdStrike elevates threat classification despite CVSS scores
While AMD rates the vulnerabilities as medium and low severity based on attack complexity requirements, CrowdStrike has independently classified them as critical enterprise threats. The security firm specifically flagged CVE-2025-36350 and CVE-2025-36357 as “Critical information disclosure vulnerabilities in AMD processors,” despite both carrying CVSS scores of just 5.6.
