Lucene search

[email protected]CVE-2021-46778

HistoryAug 10, 2022 - 8:15 p.m.

CVE-2021-46778

2022-08-1020:15:00

CWE-203

[email protected]

web.nvd.nist.gov

amd

cpu

side channel vulnerability

cve-2021-46778

zen 1

zen 2

zen 3

smt

nvd

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.0%

JSON

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.

CPENameOperatorVersion
amd:athlon_3050ge_firmwareamd athlon 3050ge firmwareeq-
amd:athlon_3150g_firmwareamd athlon 3150g firmwareeq-
amd:athlon_3150ge_firmwareamd athlon 3150ge firmwareeq-
amd:epyc_7001_firmwareamd epyc 7001 firmwareeq-
amd:epyc_7002_firmwareamd epyc 7002 firmwareeq-
amd:epyc_7003_firmwareamd epyc 7003 firmwareeq-
amd:epyc_7232p_firmwareamd epyc 7232p firmwareeq-
amd:epyc_7251_firmwareamd epyc 7251 firmwareeq-
amd:epyc_7252_firmwareamd epyc 7252 firmwareeq-
amd:epyc_7261_firmwareamd epyc 7261 firmwareeq-

CPE	Name	Operator	Version
amd:athlon_3050ge_firmware	amd athlon 3050ge firmware	eq	-
amd:athlon_3150g_firmware	amd athlon 3150g firmware	eq	-
amd:athlon_3150ge_firmware	amd athlon 3150ge firmware	eq	-
amd:epyc_7001_firmware	amd epyc 7001 firmware	eq	-
amd:epyc_7002_firmware	amd epyc 7002 firmware	eq	-
amd:epyc_7003_firmware	amd epyc 7003 firmware	eq	-
amd:epyc_7232p_firmware	amd epyc 7232p firmware	eq	-
amd:epyc_7251_firmware	amd epyc 7251 firmware	eq	-
amd:epyc_7252_firmware	amd epyc 7252 firmware	eq	-
amd:epyc_7261_firmware	amd epyc 7261 firmware	eq	-

Rows per page:

1-10 of 1791

References

www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039

Social References

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.0%

JSON

Related for CVE-2021-46778

openvas1 prion1 amd1 redhatcve1 thn1