CVE-2021-26314

Published: Jun 9, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Affected (9)

Products: Xen: Xen · Arm: Cortex A72 · Broadcom: Bcm2711 · +2 more

Show all products

Xen: Xen · Arm: Cortex A72 · Broadcom: Bcm2711 · Intel: Core I7 10700k, Core I7 7700k, Core I9 9900k, Xeon Silver 4214 · Fedoraproject: Fedora

1 product

1 product

1 product

4 products

Xeon Silver 4214

1 product

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Xen Xen	All versions

Running on/with	Platform Versions
Amd Ryzen 5 5600x	All versions
Amd Ryzen 7 2700x	All versions
Amd Ryzen Threadripper 2990wx	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Arm Cortex A72	All versions
Broadcom Bcm2711	All versions

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Intel Core I7 10700k	All versions
Intel Core I7 7700k	All versions
Intel Core I9 9900k	All versions
Intel Xeon Silver 4214	All versions

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Related CWEs

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Observable Timing Discrepancy

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (10)

http://www.openwall.com/lists/oss-security/2021/06/09/2

Source: psirt@amd.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/06/10/1

Source: psirt@amd.com

ExploitMailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/

Source: psirt@amd.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/

Source: psirt@amd.com

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003

Source: psirt@amd.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2021/06/09/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/06/10/1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.