CVE-2021-26314: AMD Speculative execution with Floating-Point Value Injection
First published: Wed Jun 09 2021(Updated: )
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
Credit: psirt@amd.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xen Xen | ||
| Amd Ryzen 5 5600x | ||
| Amd Ryzen 7 2700x | ||
| Amd Ryzen Threadripper 2990wx | ||
| Arm Cortex-a72 | ||
| Broadcom Bcm2711 | ||
| Intel Core I7-10700k | ||
| Intel Core I7-7700k | ||
| Intel Core I9-9900k | ||
| Intel Xeon Silver 4214 | ||
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2021/06/09/2
- http://www.openwall.com/lists/oss-security/2021/06/10/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/
Frequently Asked Questions
What is CVE-2021-26314?
CVE-2021-26314 refers to a potential floating point value injection vulnerability found in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results.
Which software products are affected by CVE-2021-26314?
Xen Xen, Arm Cortex-a72, Broadcom Bcm2711, Intel Core I7-10700k, Intel Core I7-7700k, Intel Core I9-9900k, Intel Xeon Silver 4214, and Fedoraproject Fedora versions 33 and 34 are affected by CVE-2021-26314.
What is the severity rating of CVE-2021-26314?
CVE-2021-26314 has a severity rating of 5.5 (Medium).
How can I mitigate CVE-2021-26314?
Apply the necessary software patches and updates provided by the respective software vendors to mitigate CVE-2021-26314.
Where can I find more information about CVE-2021-26314?
You can find more information about CVE-2021-26314 at the following references: [Reference 1](http://www.openwall.com/lists/oss-security/2021/06/09/2), [Reference 2](http://www.openwall.com/lists/oss-security/2021/06/10/1), [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/).
- collector/nvd-index
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/xen
- canonical/xen xen
- vendor/amd
- canonical/amd ryzen 5 5600x
- canonical/amd ryzen 7 2700x
- canonical/amd ryzen threadripper 2990wx
- vendor/arm
- canonical/arm cortex-a72
- vendor/broadcom
- canonical/broadcom bcm2711
- vendor/intel
- canonical/intel core i7-10700k
- canonical/intel core i7-7700k
- canonical/intel core i9-9900k
- canonical/intel xeon silver 4214
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34