CVE-2021-26313 - OpenCVE

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Amd	Ryzen 7 2700x Ryzen Threadripper 2990wx Ryzen 5 5600x
Intel	Core I9-9900k Core I7-10700k Core I7-7700k Xeon Silver 4214
Arm	Cortex-a72
Debian	Debian Linux
Xen	Xen
Broadcom	Bcm2711

Configuration 1 [-]

AND

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:amd:ryzen_5_5600x:-:::::::*
	cpe:2.3:h:amd:ryzen_7_2700x:-:::::::*
	cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:h:arm:cortex-a72:-:::::::*
	cpe:2.3:h:broadcom:bcm2711:-:::::::*

Configuration 3 [-]

OR	cpe:2.3:h:intel:core_i7-10700k:-:::::::*
	cpe:2.3:h:intel:core_i7-7700k:-:::::::*
	cpe:2.3:h:intel:core_i9-9900k:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4214:-:::::::*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: AMD

Published: 2021-06-08T00:00:00

Updated: 2021-10-13T18:15:09

Reserved: 2021-01-29T00:00:00

Link: CVE-2021-26313

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-09T12:15:07.750

Modified: 2022-08-01T12:41:58.077

Link: CVE-2021-26313

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "All supported processors", "vendor": "AMD", "versions": [{"lessThan": "undefined", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-208", "description": "CWE-208 Information Exposure Through Timing Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-13T18:15:09", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}], "source": {"advisory": "AMD-SB-1003", "discovery": "EXTERNAL"}, "title": "AMD Speculative Code Store Bypass", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-06-08T19:30:00.000Z", "ID": "CVE-2021-26313", "STATE": "PUBLIC", "TITLE": "AMD Speculative Code Store Bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "All supported processors", "version": {"version_data": [{"version_affected": "<", "version_value": " "}]}}]}, "vendor_name": "AMD"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-208 Information Exposure Through Timing Discrepancy"}]}]}, "references": {"reference_data": [{"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}]}, "source": {"advisory": "AMD-SB-1003", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26313", "datePublished": "2021-06-08T00:00:00", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2021-10-13T18:15:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_5_5600x:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FD86A5C-A9A9-4C84-91D9-54F2516E8487", "vulnerable": false}, {"criteria": "cpe:2.3:h:amd:ryzen_7_2700x:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD6DE86B-DAAA-4A3B-9FFF-0583D5CB1B1E", "vulnerable": false}, {"criteria": "cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1B5369B-DFFE-4A84-8894-513AE7FC7C6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4", "vulnerable": true}, {"criteria": "cpe:2.3:h:broadcom:bcm2711:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DC0C7D8-18F4-43B4-A8CA-8183022DF0FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:intel:core_i7-10700k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6CC9312B-40A7-4D4A-A61C-3BA865C29F63", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:core_i7-7700k:-:*:*:*:*:*:*:*", "matchCriteriaId": "913BBEFF-49E7-42AF-A850-B49E5A12AB98", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:core_i9-9900k:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C3257F5-CA55-4F35-9D09-5B85253DE786", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:xeon_silver_4214:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1B4F7FE-61A3-417A-BAA9-E686A76F3A94", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage."}, {"lang": "es", "value": "Una potencial omisi\u00f3n de almacenamiento de c\u00f3digo especulativo en todos los productos de CPU compatibles, junto con las vulnerabilidades de software relacionadas con la ejecuci\u00f3n especulativa de instrucciones sobrescritas, puede causar una especulaci\u00f3n inapropiada y podr\u00eda resultar en una filtraci\u00f3n de datos"}], "id": "CVE-2021-26313", "lastModified": "2022-08-01T12:41:58.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-09T12:15:07.750", "references": [{"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-208"}], "source": "psirt@amd.com", "type": "Secondary"}]}