CVE-2021-46778 [Medium] | Information Disclosure in Athlon 3050ge Firmware

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-03-17	0.04%	0.09%	+0.05%
2	2023-03-07	1.04%	0.04%	-0.99%
3	2022-08-20	—	1.04%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-03-17

0.04%

0.09%

+0.05%

2023-03-07

1.04%

0.04%

-0.99%

2022-08-20

—

1.04%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.6	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	1.1	4.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.6

3.1

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C): Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

1.1

4.0

[email protected]

OS Trackers for CVE-2021-46778

vendor	priority	summary	link
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2021-46778
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2021-46778/

vendor

priority

summary

link

redhat

medium

—

https://access.redhat.com/security/cve/CVE-2021-46778

suse

medium

—

https://www.suse.com/security/cve/CVE-2021-46778/

Affected software / configurations for CVE-2021-46778

Vendor	Product	Version	Raw CPE
amd	athlon_3050ge_firmware	—	cpe:2.3:o:amd:athlon_3050ge_firmware:-:::::::*
amd	athlon_3150g_firmware	—	cpe:2.3:o:amd:athlon_3150g_firmware:-:::::::*
amd	athlon_3150ge_firmware	—	cpe:2.3:o:amd:athlon_3150ge_firmware:-:::::::*
amd	epyc_7001_firmware	—	cpe:2.3:o:amd:epyc_7001_firmware:-:::::::*
amd	epyc_7002_firmware	—	cpe:2.3:o:amd:epyc_7002_firmware:-:::::::*
amd	epyc_7003_firmware	—	cpe:2.3:o:amd:epyc_7003_firmware:-:::::::*
amd	epyc_7232p_firmware	—	cpe:2.3:o:amd:epyc_7232p_firmware:-:::::::*
amd	epyc_7251_firmware	—	cpe:2.3:o:amd:epyc_7251_firmware:-:::::::*
amd	epyc_7252_firmware	—	cpe:2.3:o:amd:epyc_7252_firmware:-:::::::*
amd	epyc_7261_firmware	—	cpe:2.3:o:amd:epyc_7261_firmware:-:::::::*
amd	epyc_7262_firmware	—	cpe:2.3:o:amd:epyc_7262_firmware:-:::::::*
amd	epyc_7272_firmware	—	cpe:2.3:o:amd:epyc_7272_firmware:-:::::::*
amd	epyc_7281_firmware	—	cpe:2.3:o:amd:epyc_7281_firmware:-:::::::*
amd	epyc_7282_firmware	—	cpe:2.3:o:amd:epyc_7282_firmware:-:::::::*
amd	epyc_72f3_firmware	—	cpe:2.3:o:amd:epyc_72f3_firmware:-:::::::*
amd	epyc_7301_firmware	—	cpe:2.3:o:amd:epyc_7301_firmware:-:::::::*
amd	epyc_7302_firmware	—	cpe:2.3:o:amd:epyc_7302_firmware:-:::::::*
amd	epyc_7302p_firmware	—	cpe:2.3:o:amd:epyc_7302p_firmware:-:::::::*
amd	epyc_7313_firmware	—	cpe:2.3:o:amd:epyc_7313_firmware:-:::::::*
amd	epyc_7313p_firmware	—	cpe:2.3:o:amd:epyc_7313p_firmware:-:::::::*
amd	epyc_7343_firmware	—	cpe:2.3:o:amd:epyc_7343_firmware:-:::::::*
amd	epyc_7351_firmware	—	cpe:2.3:o:amd:epyc_7351_firmware:-:::::::*
amd	epyc_7351p_firmware	—	cpe:2.3:o:amd:epyc_7351p_firmware:-:::::::*
amd	epyc_7352_firmware	—	cpe:2.3:o:amd:epyc_7352_firmware:-:::::::*
amd	epyc_7371_firmware	—	cpe:2.3:o:amd:epyc_7371_firmware:-:::::::*
amd	epyc_7373x_firmware	—	cpe:2.3:o:amd:epyc_7373x_firmware:-:::::::*
amd	epyc_73f3_firmware	—	cpe:2.3:o:amd:epyc_73f3_firmware:-:::::::*
amd	epyc_7401_firmware	—	cpe:2.3:o:amd:epyc_7401_firmware:-:::::::*
amd	epyc_7401p_firmware	—	cpe:2.3:o:amd:epyc_7401p_firmware:-:::::::*
amd	epyc_7402_firmware	—	cpe:2.3:o:amd:epyc_7402_firmware:-:::::::*
amd	epyc_7402p_firmware	—	cpe:2.3:o:amd:epyc_7402p_firmware:-:::::::*
amd	epyc_7413_firmware	—	cpe:2.3:o:amd:epyc_7413_firmware:-:::::::*
amd	epyc_7443_firmware	—	cpe:2.3:o:amd:epyc_7443_firmware:-:::::::*
amd	epyc_7443p_firmware	—	cpe:2.3:o:amd:epyc_7443p_firmware:-:::::::*
amd	epyc_7451_firmware	—	cpe:2.3:o:amd:epyc_7451_firmware:-:::::::*
amd	epyc_7452_firmware	—	cpe:2.3:o:amd:epyc_7452_firmware:-:::::::*
amd	epyc_7453_firmware	—	cpe:2.3:o:amd:epyc_7453_firmware:-:::::::*
amd	epyc_7473x_firmware	—	cpe:2.3:o:amd:epyc_7473x_firmware:-:::::::*
amd	epyc_74f3_firmware	—	cpe:2.3:o:amd:epyc_74f3_firmware:-:::::::*
amd	epyc_7501_firmware	—	cpe:2.3:o:amd:epyc_7501_firmware:-:::::::*
amd	epyc_7502_firmware	—	cpe:2.3:o:amd:epyc_7502_firmware:-:::::::*
amd	epyc_7502p_firmware	—	cpe:2.3:o:amd:epyc_7502p_firmware:-:::::::*
amd	epyc_7513_firmware	—	cpe:2.3:o:amd:epyc_7513_firmware:-:::::::*
amd	epyc_7532_firmware	—	cpe:2.3:o:amd:epyc_7532_firmware:-:::::::*
amd	epyc_7542_firmware	—	cpe:2.3:o:amd:epyc_7542_firmware:-:::::::*
amd	epyc_7543_firmware	—	cpe:2.3:o:amd:epyc_7543_firmware:-:::::::*
amd	epyc_7543p_firmware	—	cpe:2.3:o:amd:epyc_7543p_firmware:-:::::::*
amd	epyc_7551_firmware	—	cpe:2.3:o:amd:epyc_7551_firmware:-:::::::*
amd	epyc_7551p_firmware	—	cpe:2.3:o:amd:epyc_7551p_firmware:-:::::::*
amd	epyc_7552_firmware	—	cpe:2.3:o:amd:epyc_7552_firmware:-:::::::*
amd	epyc_7573x_firmware	—	cpe:2.3:o:amd:epyc_7573x_firmware:-:::::::*
amd	epyc_75f3_firmware	—	cpe:2.3:o:amd:epyc_75f3_firmware:-:::::::*
amd	epyc_7601_firmware	—	cpe:2.3:o:amd:epyc_7601_firmware:-:::::::*
amd	epyc_7642_firmware	—	cpe:2.3:o:amd:epyc_7642_firmware:-:::::::*
amd	epyc_7643_firmware	—	cpe:2.3:o:amd:epyc_7643_firmware:-:::::::*
amd	epyc_7662_firmware	—	cpe:2.3:o:amd:epyc_7662_firmware:-:::::::*
amd	epyc_7663_firmware	—	cpe:2.3:o:amd:epyc_7663_firmware:-:::::::*
amd	epyc_7702_firmware	—	cpe:2.3:o:amd:epyc_7702_firmware:-:::::::*
amd	epyc_7702p_firmware	—	cpe:2.3:o:amd:epyc_7702p_firmware:-:::::::*
amd	epyc_7713_firmware	—	cpe:2.3:o:amd:epyc_7713_firmware:-:::::::*
amd	epyc_7713p_firmware	—	cpe:2.3:o:amd:epyc_7713p_firmware:-:::::::*
amd	epyc_7742_firmware	—	cpe:2.3:o:amd:epyc_7742_firmware:-:::::::*
amd	epyc_7763_firmware	—	cpe:2.3:o:amd:epyc_7763_firmware:-:::::::*
amd	epyc_7773x_firmware	—	cpe:2.3:o:amd:epyc_7773x_firmware:-:::::::*
amd	epyc_7f32_firmware	—	cpe:2.3:o:amd:epyc_7f32_firmware:-:::::::*
amd	epyc_7f52_firmware	—	cpe:2.3:o:amd:epyc_7f52_firmware:-:::::::*
amd	epyc_7f72_firmware	—	cpe:2.3:o:amd:epyc_7f72_firmware:-:::::::*
amd	epyc_7h12_firmware	—	cpe:2.3:o:amd:epyc_7h12_firmware:-:::::::*
amd	ryzen_3_2200u_firmware	—	cpe:2.3:o:amd:ryzen_3_2200u_firmware:-:::::::*
amd	ryzen_3_2300u_firmware	—	cpe:2.3:o:amd:ryzen_3_2300u_firmware:-:::::::*
amd	ryzen_3_3100_firmware	—	cpe:2.3:o:amd:ryzen_3_3100_firmware:-:::::::*
amd	ryzen_3_3200u_firmware	—	cpe:2.3:o:amd:ryzen_3_3200u_firmware:-:::::::*
amd	ryzen_3_3250u_firmware	—	cpe:2.3:o:amd:ryzen_3_3250u_firmware:-:::::::*
amd	ryzen_3_3300g_firmware	—	cpe:2.3:o:amd:ryzen_3_3300g_firmware:-:::::::*
amd	ryzen_3_3300u_firmware	—	cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:::::::*
amd	ryzen_3_3300x_firmware	—	cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:::::::*
amd	ryzen_3_3350u_firmware	—	cpe:2.3:o:amd:ryzen_3_3350u_firmware:-:::::::*
amd	ryzen_3_3450u_firmware	—	cpe:2.3:o:amd:ryzen_3_3450u_firmware:-:::::::*
amd	ryzen_3_3500c_firmware	—	cpe:2.3:o:amd:ryzen_3_3500c_firmware:-:::::::*
amd	ryzen_3_3500u_firmware	—	cpe:2.3:o:amd:ryzen_3_3500u_firmware:-:::::::*

References for CVE-2021-46778

URL	Tags
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039	Vendor Advisory

URL

CVE-2021-46778

Exploit prediction scoring system (EPSS) score for CVE-2021-46778

Common vulnerability scoring system (CVSS) metrics for CVE-2021-46778

Weakness enumeration for CVE-2021-46778

OS Trackers for CVE-2021-46778

Affected software / configurations for CVE-2021-46778

References for CVE-2021-46778