CVE-2021-46778

CWE-203 CWE-200 — Information Exposure4 documents4 sources

Severity

5.6MEDIUM

EPSS

0.1%

top 69.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD AMD Processors

Timeline

PublishedAug 10

Latest updateAug 11

Description

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages1 packages

▶CVEListV5amd/amd_processorsProcessor Some AMD Processors

🔴Vulnerability Details

GHSA

GHSA-745h-3gvr-9mc6: Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3↗2022-08-11

▶

CVEList

CVE-2021-46778: Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3↗2022-08-09

▶

📋Vendor Advisories

Red Hat

hw: cpu: AMD: Execution Unit Scheduler Contention Side-Channel vulnerability↗2022-08-09

▶