Amd.comAMD-SB-1039Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
10.7%
Bulletin ID: AMD-SB-1039 **Potential Impact:**Information Disclosure **Severity:**Medium
Summary
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2”, “Zen 3” and “Zen 4” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
CVE Details
CVE-2021-46778
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” ,“Zen 3” and “Zen 4” that use simultaneous multithreading (SMT).
Affected Products
Desktop
- AMD Athlon™ 2000 Series Desktop processors
- AMD Athlon™ 3000 Series Desktop processors
- AMD Ryzen™ 2000 Series Desktop processors
- AMD Ryzen™ 3000 Series Desktop processors
- AMD Ryzen™ 5000 Series Desktop processors
- AMD Ryzen™ 7000 Series Desktop processors
- AMD Ryzen™ 3000 Series Desktop processors with Radeon™ Graphics
- AMD Ryzen™ 4000 Series Desktop processors with Radeon™ Graphics
- AMD Ryzen™ 5000 Series Desktop processors with Radeon™ Graphics
High-End Desktop (HEDT)
- AMD Ryzen™ Threadripper™ 2000 Series processors
- AMD Ryzen™ Threadripper™ 3000 Series processors
- AMD Ryzen™ Threadripper™ 7000 Series processors
Workstation
- AMD Ryzen™ Threadripper™ PRO 3000 Series processors
- AMD Ryzen™ Threadripper™ PRO 5000 Series processors
- AMD Ryzen™ Threadripper™ PRO 7000 Series processors
Mobile
- AMD Ryzen™ 2000 Series Mobile processors with Radeon™ Graphics
- AMD Athlon™ 3000 Series Mobile processors with Radeon™ Graphics
- AMD Ryzen™ 3000 Series Mobile processors with Radeon™ Graphics
- AMD Ryzen™ 4000 Series Mobile processors with Radeon™ Graphics
- AMD Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics
- AMD Ryzen™ 6000 Series Mobile processors with Radeon™ Graphics
- AMD Ryzen™ 7000 Series Mobile processors with Radeon™ Graphics
- AMD Ryzen™ 8000 Series Mobile processors with Radeon™ Graphics
Chromebook
- AMD Athlon™ 3000 Series Mobile processor with Radeon™ Graphics
- AMD Athlon™ 7000 Series Mobile processor with Radeon™ Graphics
- AMD Ryzen™ 3000 Series Mobile processor with Radeon™ Graphics
- AMD Ryzen™ 5000 Series Mobile processor with Radeon™ Graphics
- AMD Ryzen™ 7000 Series Mobile processor with Radeon™ Graphics
Server
- 1st Gen AMD EPYC™ processors
- 2nd Gen AMD EPYC™ processors
- 3rd Gen AMD EPYC™ processors
- 4th Gen AMD EPYC™ processors
Mitigation
AMD recommends software developers employ existing best practices1,2, including constant-time algorithms and avoiding secret-dependent control flows where appropriate to help mitigate this potential vulnerability.
Related
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
10.7%