CVE-2021-26313: AMD Speculative Code Store Bypass
First published: Tue Jun 08 2021(Updated: )
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
Credit: psirt@amd.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/xen | 4.11.4+107-gef32c7afa2-1 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.1+2-gb773c48e36-1 4.17.2+55-g0b56bed864-1 | |
| Xen Xen | ||
| Amd Ryzen 5 5600x | ||
| Amd Ryzen 7 2700x | ||
| Amd Ryzen Threadripper 2990wx | ||
| Arm Cortex-a72 | ||
| Broadcom Bcm2711 | ||
| Intel Core I7-10700k | ||
| Intel Core I7-7700k | ||
| Intel Core I9-9900k | ||
| Intel Xeon Silver 4214 | ||
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-26313?
CVE-2021-26313 is a vulnerability that may cause incorrect speculation and result in data leakage due to potential speculative code store bypass in all supported CPU products.
Which software products are affected by CVE-2021-26313?
The affected software products include Xen, Debian Linux (version 10.0), and certain CPU models like Amd Ryzen 5 5600x, Amd Ryzen 7 2700x, Amd Ryzen Threadripper 2990wx, Arm Cortex-a72, Broadcom Bcm2711, Intel Core I7-10700k, Intel Core I7-7700k, Intel Core I9-9900k, and Intel Xeon Silver 4214.
What is the severity of CVE-2021-26313?
CVE-2021-26313 has a severity rating of medium, with a CVSS score of 5.5.
How can I fix CVE-2021-26313?
To mitigate this vulnerability, it is recommended to apply the necessary updates and patches provided by the software vendors, such as Xen and Debian Linux.
Where can I find more information about CVE-2021-26313?
More information about CVE-2021-26313 can be found on the AMD, Xen, and Debian Linux security advisories, as well as on the CVE-2021-26313 page in the Debian Security Tracker.
- collector/security-tracker-debian
- collector/nvd-index
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- package-manager/debian
- vendor/xen
- canonical/xen xen
- vendor/amd
- canonical/amd ryzen 5 5600x
- canonical/amd ryzen 7 2700x
- canonical/amd ryzen threadripper 2990wx
- vendor/arm
- canonical/arm cortex-a72
- vendor/broadcom
- canonical/broadcom bcm2711
- vendor/intel
- canonical/intel core i7-10700k
- canonical/intel core i7-7700k
- canonical/intel core i9-9900k
- canonical/intel xeon silver 4214
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0