{
  "threat_severity" : "Moderate",
  "public_date" : "2022-08-09T06:30:00Z",
  "bugzilla" : {
    "description" : "hw: cpu: AMD: Execution Unit Scheduler Contention Side-Channel vulnerability",
    "id" : "2114996",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2114996"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-200",
  "details" : [ "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.", "A contention-based side channel vulnerability was found in hw. Some AMD CPUs using simultaneous multithreading (SMT) may allow an attacker to measure the contention level on scheduler queues, leading to potential leakage of sensitive information." ],
  "acknowledgement" : "Red Hat would like to thank Gururaj Saileshwar of Georgia Institute of Technology, Simone Franza, Andreas Kogler and Markus Kostl of Graz University of Technology, and Stefan Gast, Daniel Gruss, Jonas Jiffinger and Martin Schwarzl of Lamarr Security Researcher/Graz University of Technology for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-46778\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46778\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039" ],
  "name" : "CVE-2021-46778",
  "csaw" : false
}