CVE-2021-26313 - Exposure of Resource to Wrong Sphere

Severity

55%

Complexity

18%

Confidentiality

60%

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

CVSS 3.1 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

Intel

First reported 3 years ago

2021-06-09 12:15:00

Last updated 3 years ago

2021-10-13 19:15:00

Affected Software

Intel Core i7-7700K

Intel Core i9-9900K

Intel Xeon Silver 4214

References

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003

[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

http://xenbits.xen.org/xsa/advisory-375.html

[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003

Vendor Advisory

[oss-security] 20210609 Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

Mailing List, Third Party Advisory

http://xenbits.xen.org/xsa/advisory-375.html

Patch, Third Party Advisory

[oss-security] 20210610 Xen Security Advisory 375 v4 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

Exploit, Mailing List, Third Party Advisory

[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

Mailing List, Third Party Advisory

[oss-security] 20210610 Re: Xen Security Advisory 375 v3 (CVE-2021-0089,CVE-2021-26313) - Speculative Code Store Bypass

Mailing List, Third Party Advisory

DSA-4931

Third Party Advisory

FEDORA-2021-41d4347447

FEDORA-2021-993693c914

GLSA-202107-30

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.