Vulnerability Description
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Athlon 3050Ge Firmware | - |
| Amd | Athlon 3050Ge | - |
| Amd | Athlon 3150G Firmware | - |
| Amd | Athlon 3150G | - |
| Amd | Athlon 3150Ge Firmware | - |
| Amd | Athlon 3150Ge | - |
| Amd | Epyc 7001 Firmware | - |
| Amd | Epyc 7001 | - |
| Amd | Epyc 7002 Firmware | - |
| Amd | Epyc 7002 | - |
| Amd | Epyc 7003 Firmware | - |
| Amd | Epyc 7003 | - |
| Amd | Epyc 7232P Firmware | - |
| Amd | Epyc 7232P | - |
| Amd | Epyc 7251 Firmware | - |
| Amd | Epyc 7251 | - |
| Amd | Epyc 7252 Firmware | - |
| Amd | Epyc 7252 | - |
| Amd | Epyc 7261 Firmware | - |
| Amd | Epyc 7261 | - |
Related Weaknesses (CWE)
References
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039Vendor Advisory
FAQ
What is CVE-2021-46778?
CVE-2021-46778 is a vulnerability with a CVSS score of 5.6 (MEDIUM). Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By m...
How severe is CVE-2021-46778?
CVE-2021-46778 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-46778?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Athlon 3050Ge Firmware, Amd Athlon 3050Ge, Amd Athlon 3150G Firmware, Amd Athlon 3150G, Amd Athlon 3150Ge Firmware.