Lucene search

K
cve[email protected]CVE-2021-26314
HistoryJun 09, 2021 - 12:15 p.m.

CVE-2021-26314

2021-06-0912:15:07
CWE-208
CWE-203
web.nvd.nist.gov
26
11
cve-2021-26314
floating point value injection
cpu products
speculative execution
data leakage
nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.9%

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Affected configurations

NVD
Node
xenxen
AND
amdryzen_5_5600xMatch-
OR
amdryzen_7_2700xMatch-
OR
amdryzen_threadripper_2990wxMatch-
Node
armcortex-a72Match-
OR
broadcombcm2711Match-
Node
intelcore_i7-10700kMatch-
OR
intelcore_i7-7700kMatch-
OR
intelcore_i9-9900kMatch-
OR
intelxeon_silver_4214Match-
Node
fedoraprojectfedoraMatch33
OR
fedoraprojectfedoraMatch34
CPENameOperatorVersion
xen:xenxeneq*

CNA Affected

[
  {
    "product": "All supported processors",
    "vendor": "AMD",
    "versions": [
      {
        "lessThan": "undefined",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.9%