{"api_version":"1","generated_at":"2026-04-22T22:03:49+00:00","cve":"CVE-2021-26314","urls":{"html":"https://cve.report/CVE-2021-26314","api":"https://cve.report/api/cve/CVE-2021-26314.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-26314","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-26314"},"summary":{"title":"CVE-2021-26314","description":"Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.","state":"PUBLIC","assigner":"psirt@amd.com","published_at":"2021-06-09 12:15:00","updated_at":"2023-11-07 03:31:00"},"problem_types":["CWE-203"],"metrics":[],"references":[{"url":"http://www.openwall.com/lists/oss-security/2021/06/09/2","name":"[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass","refsource":"MLIST","tags":[],"title":"oss-security - Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) -\n Speculative Code Store Bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/06/10/1","name":"[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass","refsource":"MLIST","tags":[],"title":"oss-security - Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) -\n Speculative Code Store Bypass","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/","name":"FEDORA-2021-993693c914","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: xen-4.14.2-2.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/","name":"FEDORA-2021-41d4347447","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: xen-4.14.2-2.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/","name":"FEDORA-2021-41d4347447","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: xen-4.14.2-2.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003","name":"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/","name":"FEDORA-2021-993693c914","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: xen-4.14.2-2.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-26314","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-26314","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"26314","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"amd","cpe5":"ryzen_5_5600x","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26314","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"amd","cpe5":"ryzen_7_2700x","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26314","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"amd","cpe5":"ryzen_threadripper_2990wx","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arm","cpe5":"cortex-a72","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"broadcom","cpe5":"bcm2711","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"intel","cpe5":"core_i7-10700k","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"intel","cpe5":"core_i7-7700k","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"intel","cpe5":"core_i9-9900k","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"intel","cpe5":"xeon_silver_4214","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26314","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-26314","qid":"281644","title":"Fedora Security Update for xen (FEDORA-2021-993693c914)"},{"cve":"CVE-2021-26314","qid":"281645","title":"Fedora Security Update for xen (FEDORA-2021-41d4347447)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@amd.com","DATE_PUBLIC":"2021-06-08T19:30:00.000Z","ID":"CVE-2021-26314","STATE":"PUBLIC","TITLE":"AMD Speculative execution with Floating-Point Value Injection"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"All supported processors","version":{"version_data":[{"version_affected":"<","version_value":" "}]}}]},"vendor_name":"AMD"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage."}]},"generator":{"engine":"Vulnogram 0.0.9"},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-208 Information Exposure Through Timing Discrepancy"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003","name":"https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"},{"refsource":"MLIST","name":"[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass","url":"http://www.openwall.com/lists/oss-security/2021/06/09/2"},{"refsource":"MLIST","name":"[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass","url":"http://www.openwall.com/lists/oss-security/2021/06/10/1"},{"refsource":"FEDORA","name":"FEDORA-2021-41d4347447","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/"},{"refsource":"FEDORA","name":"FEDORA-2021-993693c914","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/"}]},"source":{"advisory":"AMD-SB-1003","discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-06-09 12:15:00","lastModifiedDate":"2023-11-07 03:31:00","problem_types":["CWE-203"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:amd:ryzen_5_5600x:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:amd:ryzen_7_2700x:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:amd:ryzen_threadripper_2990wx:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:broadcom:bcm2711:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:intel:core_i7-7700k:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:intel:xeon_silver_4214:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:intel:core_i9-9900k:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:intel:core_i7-10700k:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"26314","Ordinal":"201333","Title":"CVE-2021-26314","CVE":"CVE-2021-26314","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"26314","Ordinal":"1","NoteData":"Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"26314","Ordinal":"2","NoteData":"2021-06-09","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"26314","Ordinal":"3","NoteData":"2021-06-16","Type":"Other","Title":"Modified"}]}}}