{"api_version":"1","generated_at":"2026-04-22T22:04:02+00:00","cve":"CVE-2021-26313","urls":{"html":"https://cve.report/CVE-2021-26313","api":"https://cve.report/api/cve/CVE-2021-26313.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-26313","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-26313"},"summary":{"title":"CVE-2021-26313","description":"Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.","state":"PUBLIC","assigner":"psirt@amd.com","published_at":"2021-06-09 12:15:00","updated_at":"2022-08-01 12:41:00"},"problem_types":["CWE-203"],"metrics":[],"references":[{"url":"http://www.openwall.com/lists/oss-security/2021/06/10/11","name":"[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass","refsource":"MLIST","tags":[],"title":"oss-security - Re: Xen Security Advisory 375 v3\n (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/06/09/2","name":"[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass","refsource":"MLIST","tags":[],"title":"oss-security - Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) -\n Speculative Code Store Bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2021/dsa-4931","name":"DSA-4931","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4931-1 xen","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/06/10/1","name":"[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass","refsource":"MLIST","tags":[],"title":"oss-security - Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) -\n Speculative Code Store Bypass","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/","name":"FEDORA-2021-41d4347447","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: xen-4.14.2-2.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/06/10/10","name":"[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass","refsource":"MLIST","tags":[],"title":"oss-security - Re: Xen Security Advisory 375 v3\n (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://xenbits.xen.org/xsa/advisory-375.html","name":"http://xenbits.xen.org/xsa/advisory-375.html","refsource":"CONFIRM","tags":[],"title":"XSA-375 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202107-30","name":"GLSA-202107-30","refsource":"GENTOO","tags":[],"title":"Xen: Multiple vulnerabilities (GLSA 202107-30) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003","name":"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/","name":"FEDORA-2021-993693c914","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: xen-4.14.2-2.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-26313","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-26313","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"26313","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"amd","cpe5":"ryzen_5_5600x","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26313","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"amd","cpe5":"ryzen_7_2700x","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26313","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"amd","cpe5":"ryzen_threadripper_2990wx","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26313","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arm","cpe5":"cortex-a72","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26313","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"broadcom","cpe5":"bcm2711","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26313","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26313","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"intel","cpe5":"core_i7-10700k","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26313","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"intel","cpe5":"core_i7-7700k","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26313","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"intel","cpe5":"core_i9-9900k","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26313","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"intel","cpe5":"xeon_silver_4214","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26313","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-26313","qid":"178672","title":"Debian Security Update for xen (DSA 4931-1)"},{"cve":"CVE-2021-26313","qid":"180049","title":"Debian Security Update for xen (CVE-2021-26313)"},{"cve":"CVE-2021-26313","qid":"281644","title":"Fedora Security Update for xen (FEDORA-2021-993693c914)"},{"cve":"CVE-2021-26313","qid":"281645","title":"Fedora Security Update for xen (FEDORA-2021-41d4347447)"},{"cve":"CVE-2021-26313","qid":"377778","title":"Citrix XenServer Security Updates (CTX316324)"},{"cve":"CVE-2021-26313","qid":"390221","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for xen (OVMSA-2021-0020)"},{"cve":"CVE-2021-26313","qid":"390231","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for xen (OVMSA-2021-0020)"},{"cve":"CVE-2021-26313","qid":"710038","title":"Gentoo Linux Xen Multiple vulnerabilities (GLSA 202107-30)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@amd.com","DATE_PUBLIC":"2021-06-08T19:30:00.000Z","ID":"CVE-2021-26313","STATE":"PUBLIC","TITLE":"AMD Speculative Code Store Bypass"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"All supported processors","version":{"version_data":[{"version_affected":"<","version_value":" "}]}}]},"vendor_name":"AMD"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage."}]},"generator":{"engine":"Vulnogram 0.0.9"},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-208 Information Exposure Through Timing Discrepancy"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003","name":"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"}]},"source":{"advisory":"AMD-SB-1003","discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-06-09 12:15:00","lastModifiedDate":"2022-08-01 12:41:00","problem_types":["CWE-203"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:amd:ryzen_5_5600x:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:amd:ryzen_7_2700x:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:broadcom:bcm2711:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:intel:core_i7-7700k:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:intel:xeon_silver_4214:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:intel:core_i9-9900k:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:intel:core_i7-10700k:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"26313","Ordinal":"201332","Title":"CVE-2021-26313","CVE":"CVE-2021-26313","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"26313","Ordinal":"1","NoteData":"Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"26313","Ordinal":"2","NoteData":"2021-06-09","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"26313","Ordinal":"3","NoteData":"2021-10-13","Type":"Other","Title":"Modified"}]}}}