CVE-2021-26313

Published Jun 9, 2021

Last updated 2 years ago

Overview

Description: Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
Source: psirt@amd.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-203
psirt@amd.com: CWE-208

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:amd:ryzen_5_5600x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6FD86A5C-A9A9-4C84-91D9-54F2516E8487"
          },
          {
            "criteria": "cpe:2.3:h:amd:ryzen_7_2700x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CD6DE86B-DAAA-4A3B-9FFF-0583D5CB1B1E"
          },
          {
            "criteria": "cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1B5369B-DFFE-4A84-8894-513AE7FC7C6C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4"
          },
          {
            "criteria": "cpe:2.3:h:broadcom:bcm2711:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DC0C7D8-18F4-43B4-A8CA-8183022DF0FB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:core_i7-10700k:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CC9312B-40A7-4D4A-A61C-3BA865C29F63"
          },
          {
            "criteria": "cpe:2.3:h:intel:core_i7-7700k:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "913BBEFF-49E7-42AF-A850-B49E5A12AB98"
          },
          {
            "criteria": "cpe:2.3:h:intel:core_i9-9900k:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C3257F5-CA55-4F35-9D09-5B85253DE786"
          },
          {
            "criteria": "cpe:2.3:h:intel:xeon_silver_4214:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1B4F7FE-61A3-417A-BAA9-E686A76F3A94"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References