5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
10.7%
Bulletin ID: AMD-SB-1039 **Potential Impact:**Information Disclosure **Severity:**Medium
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2”, “Zen 3” and “Zen 4” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
CVE-2021-46778
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” ,“Zen 3” and “Zen 4” that use simultaneous multithreading (SMT).
Desktop
High-End Desktop (HEDT)
Workstation
Mobile
Chromebook
Server
AMD recommends software developers employ existing best practices1,2, including constant-time algorithms and avoiding secret-dependent control flows where appropriate to help mitigate this potential vulnerability.
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.6 Medium
AI Score
Confidence
High
1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
10.7%