CVE-2021-26314

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Published: Jun 9, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-26314
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-203
CWE-668

Affected Software
References

Software	From	Fixed in
xen / xen	-	-
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x

http://www.openwall.com/lists/oss-security/2021/06/09/2
http://www.openwall.com/lists/oss-security/2021/06/10/1
https://lists.fedoraproject.org/archives/list/[email protected]/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/
https://lists.fedoraproject.org/archives/list/[email protected]/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003

Vulnerability Database

289,697

CVE-2021-26314