CVE-2021-26314
MEDIUMXen - Observable Timing Discrepancy via Floating Point Value Injection
Title source: llmDescription
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_misc
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/06/09/2
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/06/10/1
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/
Scores
CVSS v3
5.5
EPSS
0.0061
EPSS Percentile
44.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-208
CWE-203
Status
published
Products (9)
arm/cortex-a72
broadcom/bcm2711
fedoraproject/fedora
33
fedoraproject/fedora
34
intel/core_i7-10700k
intel/core_i7-7700k
intel/core_i9-9900k
intel/xeon_silver_4214
xen/xen
Published
Jun 09, 2021
Tracked Since
Feb 18, 2026