CVE-2021-26313 - Vulnerability Details - OpenCVE

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00078.

Key SSVC decision points have not yet been added.

Vendors	Products
Amd	Ryzen 5 5600x Ryzen 7 2700x Ryzen Threadripper 2990wx
Arm	Cortex-a72
Broadcom	Bcm2711
Debian	Debian Linux
Intel	Core I7-10700k Core I7-7700k Core I9-9900k Xeon Silver 4214
Xen	Xen

Configuration 1 [-]

AND

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:amd:ryzen_5_5600x:-:::::::*
	cpe:2.3:h:amd:ryzen_7_2700x:-:::::::*
	cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:h:arm:cortex-a72:-:::::::*
	cpe:2.3:h:broadcom:bcm2711:-:::::::*

Configuration 3 [-]

OR	cpe:2.3:h:intel:core_i7-10700k:-:::::::*
	cpe:2.3:h:intel:core_i7-7700k:-:::::::*
	cpe:2.3:h:intel:core_i9-9900k:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4214:-:::::::*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003

History

No history.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2021-06-09T11:23:37.970519Z

Updated: 2024-09-16T19:41:53.615Z

Reserved: 2021-01-29T00:00:00

Link: CVE-2021-26313

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-06-09T12:15:07.750

Modified: 2024-11-21T05:56:04.417

Link: CVE-2021-26313

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "All supported processors", "vendor": "AMD", "versions": [{"lessThan": "undefined", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-208", "description": "CWE-208 Information Exposure Through Timing Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-13T18:15:09", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}], "source": {"advisory": "AMD-SB-1003", "discovery": "EXTERNAL"}, "title": "AMD Speculative Code Store Bypass", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-06-08T19:30:00.000Z", "ID": "CVE-2021-26313", "STATE": "PUBLIC", "TITLE": "AMD Speculative Code Store Bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "All supported processors", "version": {"version_data": [{"version_affected": "<", "version_value": ""}]}}]}, "vendor_name": "AMD"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-208 Information Exposure Through Timing Discrepancy"}]}]}, "references": {"reference_data": [{"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}]}, "source": {"advisory": "AMD-SB-1003", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:19:20.403Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}]}]}, "cveMetadata": {"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26313", "datePublished": "2021-06-09T11:23:37.970519Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T19:41:53.615Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amd:ryzen_5_5600x:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FD86A5C-A9A9-4C84-91D9-54F2516E8487", "vulnerable": false}, {"criteria": "cpe:2.3:h:amd:ryzen_7_2700x:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD6DE86B-DAAA-4A3B-9FFF-0583D5CB1B1E", "vulnerable": false}, {"criteria": "cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1B5369B-DFFE-4A84-8894-513AE7FC7C6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4", "vulnerable": true}, {"criteria": "cpe:2.3:h:broadcom:bcm2711:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DC0C7D8-18F4-43B4-A8CA-8183022DF0FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:intel:core_i7-10700k:-:*:*:*:*:*:*:*", "matchCriteriaId": "6CC9312B-40A7-4D4A-A61C-3BA865C29F63", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:core_i7-7700k:-:*:*:*:*:*:*:*", "matchCriteriaId": "913BBEFF-49E7-42AF-A850-B49E5A12AB98", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:core_i9-9900k:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C3257F5-CA55-4F35-9D09-5B85253DE786", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:xeon_silver_4214:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1B4F7FE-61A3-417A-BAA9-E686A76F3A94", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage."}, {"lang": "es", "value": "Una potencial omisi\u00f3n de almacenamiento de c\u00f3digo especulativo en todos los productos de CPU compatibles, junto con las vulnerabilidades de software relacionadas con la ejecuci\u00f3n especulativa de instrucciones sobrescritas, puede causar una especulaci\u00f3n inapropiada y podr\u00eda resultar en una filtraci\u00f3n de datos"}], "id": "CVE-2021-26313", "lastModified": "2024-11-21T05:56:04.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-09T12:15:07.750", "references": [{"source": "psirt@amd.com", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-208"}], "source": "psirt@amd.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}