CVE-2021-26313

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:amd:ryzen_5_5600x:-:::::::*
	cpe:2.3:h:amd:ryzen_7_2700x:-:::::::*
	cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:::::::*

Configuration 2 (hide)

OR	cpe:2.3:h:arm:cortex-a72:-:::::::*
	cpe:2.3:h:broadcom:bcm2711:-:::::::*

Configuration 3 (hide)

OR	cpe:2.3:h:intel:core_i7-10700k:-:::::::*
	cpe:2.3:h:intel:core_i7-7700k:-:::::::*
	cpe:2.3:h:intel:core_i9-9900k:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4214:-:::::::*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-09 12:15

Updated : 2022-08-01 12:41

NVD link : CVE-2021-26313

Mitre link : CVE-2021-26313

CVE.ORG link : CVE-2021-26313

JSON object : View

Products Affected

xen

xen

arm

cortex-a72

intel

core_i7-10700k
core_i7-7700k
core_i9-9900k
xeon_silver_4214

broadcom

bcm2711

amd

ryzen_threadripper_2990wx
ryzen_5_5600x
ryzen_7_2700x

debian

debian_linux

CWE

CWE-203

Observable Discrepancy

CWE-208

Observable Timing Discrepancy

{"id": "CVE-2021-26313", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-06-09T12:15:07.750", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003", "tags": ["Vendor Advisory"], "source": "psirt@amd.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}, {"type": "Secondary", "source": "psirt@amd.com", "description": [{"lang": "en", "value": "CWE-208"}]}], "descriptions": [{"lang": "en", "value": "Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage."}, {"lang": "es", "value": "Una potencial omisi\u00f3n de almacenamiento de c\u00f3digo especulativo en todos los productos de CPU compatibles, junto con las vulnerabilidades de software relacionadas con la ejecuci\u00f3n especulativa de instrucciones sobrescritas, puede causar una especulaci\u00f3n inapropiada y podr\u00eda resultar en una filtraci\u00f3n de datos"}], "lastModified": "2022-08-01T12:41:58.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_5_5600x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6FD86A5C-A9A9-4C84-91D9-54F2516E8487"}, {"criteria": "cpe:2.3:h:amd:ryzen_7_2700x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD6DE86B-DAAA-4A3B-9FFF-0583D5CB1B1E"}, {"criteria": "cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1B5369B-DFFE-4A84-8894-513AE7FC7C6C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4"}, {"criteria": "cpe:2.3:h:broadcom:bcm2711:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DC0C7D8-18F4-43B4-A8CA-8183022DF0FB"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:core_i7-10700k:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CC9312B-40A7-4D4A-A61C-3BA865C29F63"}, {"criteria": "cpe:2.3:h:intel:core_i7-7700k:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "913BBEFF-49E7-42AF-A850-B49E5A12AB98"}, {"criteria": "cpe:2.3:h:intel:core_i9-9900k:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C3257F5-CA55-4F35-9D09-5B85253DE786"}, {"criteria": "cpe:2.3:h:intel:xeon_silver_4214:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1B4F7FE-61A3-417A-BAA9-E686A76F3A94"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@amd.com"}