AMD has identified two separate attack variants that enterprises should understand. The TSA-L1 attacks how L1 Cash handles the microtag lookup, it is incorrectly incorrect data loading that the attackers can detect. The TSA-SQ attacks occur when the load instructions incorrectly retrieve the data from the store queue when the required data is not available, the potentially allows the conclusion of sensitive information from already executed operations, the bulletin said.
The scope of the affected systems presents important challenges for the enterprise patch management teams. Weak processors include 3 and 4th generation EPYC processor powering cloud and on-r from the on-primosis data center infrastructure, Rvenie Series Processor, deployed in the corporate workstation environment, and the enterprise mobile processors supporting remote and hybrid work arrangements.
Crowsstrike CVSS enhances the classification of danger despite the score
While the complexity of the AMD attack rates the weaknesses as moderate and low severity depending on the requirements, Crowdastrik has freely classified them as important enterprise hazards. The security firm specifically flagged CVE-2025-36350 and CVE-2025-36357 as significant information disclosure weaknesses in the “AMD processor”, despite both CVSS scores despite both.
