CVE-2021-26313

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:amd:ryzen_5_5600x:-:::::::*
	cpe:2.3:h:amd:ryzen_7_2700x:-:::::::*
	cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:::::::*

Configuration 2 (hide)

OR	cpe:2.3:h:arm:cortex-a72:-:::::::*
	cpe:2.3:h:broadcom:bcm2711:-:::::::*

Configuration 3 (hide)

OR	cpe:2.3:h:intel:core_i7-7700k:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4214:-:::::::*
	cpe:2.3:h:intel:core_i9-9900k:-:::::::*
	cpe:2.3:h:intel:core_i7-10700k:-:::::::*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-09 12:15

Updated : 2022-08-01 12:41

NVD link : CVE-2021-26313

Mitre link : CVE-2021-26313

JSON object : View

Products Affected

intel

xeon_silver_4214
core_i9-9900k
core_i7-7700k
core_i7-10700k

debian

debian_linux

amd

ryzen_5_5600x
ryzen_7_2700x
ryzen_threadripper_2990wx

broadcom

bcm2711

arm

cortex-a72

xen

xen

CWE

CWE-203

Observable Discrepancy

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003", "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-203"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-26313", "ASSIGNER": "psirt@amd.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2021-06-09T12:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:amd:ryzen_5_5600x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:amd:ryzen_7_2700x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:broadcom:bcm2711:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:intel:core_i7-7700k:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4214:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:core_i9-9900k:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:core_i7-10700k:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-01T12:41Z"}