{"containers": {"cna": {"affected": [{"product": "All supported processors", "vendor": "AMD", "versions": [{"lessThan": "undefined", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-208", "description": "CWE-208 Information Exposure Through Timing Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-17T02:06:09", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}, {"name": "[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"}, {"name": "[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"}, {"name": "FEDORA-2021-41d4347447", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/"}, {"name": "FEDORA-2021-993693c914", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/"}], "source": {"advisory": "AMD-SB-1003", "discovery": "EXTERNAL"}, "title": "AMD Speculative execution with Floating-Point Value Injection", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-06-08T19:30:00.000Z", "ID": "CVE-2021-26314", "STATE": "PUBLIC", "TITLE": "AMD Speculative execution with Floating-Point Value Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "All supported processors", "version": {"version_data": [{"version_affected": "<", "version_value": " "}]}}]}, "vendor_name": "AMD"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-208 Information Exposure Through Timing Discrepancy"}]}]}, "references": {"reference_data": [{"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}, {"name": "[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"}, {"name": "[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"}, {"name": "FEDORA-2021-41d4347447", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/"}, {"name": "FEDORA-2021-993693c914", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/"}]}, "source": {"advisory": "AMD-SB-1003", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26314", "datePublished": "2021-06-08T00:00:00", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2021-06-17T02:06:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_5_5600x:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FD86A5C-A9A9-4C84-91D9-54F2516E8487", "vulnerable": false}, {"criteria": "cpe:2.3:h:amd:ryzen_7_2700x:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD6DE86B-DAAA-4A3B-9FFF-0583D5CB1B1E", "vulnerable": false}, {"criteria": "cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1B5369B-DFFE-4A84-8894-513AE7FC7C6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4", "vulnerable": true}, {"criteria": "cpe:2.3:h:broadcom:bcm2711:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DC0C7D8-18F4-43B4-A8CA-8183022DF0FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:intel:core_i7-10700k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6CC9312B-40A7-4D4A-A61C-3BA865C29F63", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:core_i7-7700k:-:*:*:*:*:*:*:*", "matchCriteriaId": "913BBEFF-49E7-42AF-A850-B49E5A12AB98", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:core_i9-9900k:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C3257F5-CA55-4F35-9D09-5B85253DE786", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:xeon_silver_4214:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1B4F7FE-61A3-417A-BAA9-E686A76F3A94", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage."}, {"lang": "es", "value": "Una inyecci\u00f3n de valor de punto flotante potencial en todos los productos de CPU compatibles, junto con las vulnerabilidades de software relacionadas con la ejecuci\u00f3n especulativa con resultados de punto flotante incorrectos, puede causar el uso de datos incorrectos de FPVI y puede resultar en una filtraci\u00f3n de datos"}], "id": "CVE-2021-26314", "lastModified": "2023-11-07T03:31:41.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-09T12:15:07.810", "references": [{"source": "psirt@amd.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"}, {"source": "psirt@amd.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"}, {"source": "psirt@amd.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/"}, {"source": "psirt@amd.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/"}, {"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-208"}], "source": "psirt@amd.com", "type": "Secondary"}]}

{}