Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00516
HistoryJun 08, 2021 - 12:00 a.m.

Intel® Processors Software Developer Guidance Advisory

2021-06-0800:00:00
Intel Security Center
www.intel.com
13
JSON

Summary:

Potential security vulnerabilities in some Intel® Processors may allow information disclosure.** **Intel is releasing updated software developer prescriptive guidance to address these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2021-0086

Description: Observable response discrepancy in floating-point operations for some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2021-0089

Description: Observable response discrepancy in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:

All Intel® Processor families.

Recommendations:

For CVE-2021-0086 Intel recommends that affected software including web browser JavaScript engine that runs on Intel® Processors follow one of the below guidelines:

• Process isolation.

• Use alternatives to NaN-boxing techniques (eg. Dedicated type tag).

• Constraining FP results before potential type-confused usage.

Additional technical details can be found here.

For CVE-2021-0089 Intel recommends that affected software that runs on Intel® Processors follow one of the below guidelines:

• Process isolation.

• Place serializing operations between code gen and execution.

• Place LFENCE-semantic operations between code gen and execution.

• Options include LFENCE, SYSCALL/SYSRET

Additional technical details can be found here.

Acknowledgements:

Intel would like to thank Enrico Barberis, Hany Ragab, Herbert Bos, and Cristiano Giuffrida from the VUSec group at VU Amsterdam for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

f5 1
nessus 15
lenovo 1
prion 2
cve 2
veracode 1
osv 2
ubuntucve 1
debiancve 1
fedora 2
openvas 13
xen 1
ics 1
citrix 1
debian 1
suse 2
gentoo 1
f5
f5
K41043270 : Intel processor vulnerabilities CVE-2021-0086 and CVE-2021-0089
2021-09-08 00:00:00
nessus
nessus
F5 Networks BIG-IP : Intel processor vulnerabilities (K41043270)
2021-10-28 00:00:00
Debian DSA-4931-1 : xen - security update
2021-06-16 00:00:00
OracleVM 3.4 : xen (OVMSA-2021-0020)
2021-06-28 00:00:00
lenovo
lenovo
Speculative Code Store Bypass (SCSB) and Floating-Point Value Injection (FPVI) Advisory - Lenovo Support NL
2021-06-08 19:07:29
prion
prion
Information disclosure
2021-06-09 20:15:00
Information disclosure
2021-06-09 20:15:00
cve
cve
CVE-2021-0086
2021-06-09 20:15:00
CVE-2021-0089
2021-06-09 20:15:00
veracode
veracode
Information Disclosure
2021-06-09 19:08:32
osv
osv
CVE-2021-0089
2021-06-09 20:15:08
xen - security update
2021-06-15 00:00:00
ubuntucve
ubuntucve
CVE-2021-0089
2021-06-09 00:00:00
debiancve
debiancve
CVE-2021-0089
2021-06-09 20:15:00
fedora
fedora
[SECURITY] Fedora 34 Update: xen-4.14.2-2.fc34
2021-06-16 20:55:04
[SECURITY] Fedora 33 Update: xen-4.14.2-2.fc33
2021-06-17 01:12:18
openvas
openvas
Fedora: Security Advisory for xen (FEDORA-2021-41d4347447)
2021-06-17 00:00:00
Fedora: Security Advisory for xen (FEDORA-2021-993693c914)
2021-06-17 00:00:00
Debian: Security Advisory (DSA-4931-1)
2021-06-17 00:00:00
xen
xen
Speculative Code Store Bypass
2021-06-08 17:00:00
ics
ics
Mitsubishi Electric Factory Automation Products
2023-05-02 12:00:00
citrix
citrix
Citrix Hypervisor Security Update
2021-06-09 14:55:13
debian
debian
[SECURITY] [DSA 4931-1] xen security update
2021-06-15 20:52:49
suse
suse
Security update for xen (important)
2021-09-02 00:00:00
Security update for xen (important)
2021-09-07 00:00:00
gentoo
gentoo
Xen: Multiple vulnerabilities
2021-07-12 00:00:00
JSON
Related for INTEL:INTEL-SA-00516
f51nessus15lenovo1prion2cve2veracode1osv2ubuntucve1debiancve1fedora2openvas13xen1ics1citrix1debian1suse2gentoo1