CVE-2021-26314

MEDIUM

CPU Products - Info Disclosure

Title source: llm

Description

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

References (5)

[Vendor Advisory] https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/06/09/2

[Exploit, Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/06/10/1

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/

Scores

CVSS v3 5.5

EPSS 0.0009

EPSS Percentile 25.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-208 CWE-203

Status published

Products (9)

arm/cortex-a72

broadcom/bcm2711

fedoraproject/fedora 33

fedoraproject/fedora 34

intel/core_i7-10700k

intel/core_i7-7700k

intel/core_i9-9900k

intel/xeon_silver_4214

xen/xen

Published Jun 09, 2021

Tracked Since Feb 18, 2026