Details of VAR-202106-1423

ID

VAR-202106-1423

CVE

CVE-2021-26314

TITLE

plural CPU Vulnerability in leaking resources to the wrong area in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-007903

DESCRIPTION

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. plural CPU The product contains a vulnerability related to the leakage of resources to the wrong area.Information may be obtained. Intel Processors (Intel processors) are Intel Corporation's processors that interpret computer instructions and process data in computer software. There are information disclosure vulnerabilities in Intel Processors and AMD CPUs, which originate from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components

Trust: 1.71

sources: NVD: CVE-2021-26314 // JVNDB: JVNDB-2021-007903 // VULHUB: VHN-385384

AFFECTED PRODUCTS

vendor:	intel	model:	xeon silver 4214	scope:	eq	version:	-	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	broadcom	model:	bcm2711	scope:	eq	version:	-	Trust: 1.0
vendor:	xen	model:	xen	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	core i9-9900k	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	core i7-10700k	scope:	eq	version:	-	Trust: 1.0
vendor:	arm	model:	cortex-a72	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	core i7-7700k	scope:	eq	version:	-	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	broadcom	model:	bcm2711	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel xenon silver 4214	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel core i9-9900k	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel core i7-10700k	scope:	-	version:	-	Trust: 0.8
vendor:	arm	model:	cortex-a72	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel core i7-7700k	scope:	-	version:	-	Trust: 0.8
vendor:	xen プロジェクト	model:	xen	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007903 // NVD: CVE-2021-26314

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-26314
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-26314
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202106-621
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-385384
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-26314
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-385384
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-26314
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-26314
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-385384 // JVNDB: JVNDB-2021-007903 // CNNVD: CNNVD-202106-621 // NVD: CVE-2021-26314

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.0
problemtype:	CWE-208	Trust: 1.0
problemtype:	Leakage of resources to the wrong area (CWE-668) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-668	Trust: 0.1

sources: VULHUB: VHN-385384 // JVNDB: JVNDB-2021-007903 // NVD: CVE-2021-26314

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-621

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202106-621

PATCH

title:	Top Page Intel Intel	url:	https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003	Trust: 0.8
title:	Intel Processors Repair measures for information disclosure vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=154845	Trust: 0.6

sources: JVNDB: JVNDB-2021-007903 // CNNVD: CNNVD-202106-621

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26314	Trust: 3.3
db:	OPENWALL	id:	OSS-SECURITY/2021/06/09/2	Trust: 2.5
db:	OPENWALL	id:	OSS-SECURITY/2021/06/10/1	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-007903	Trust: 0.8
db:	LENOVO	id:	LEN-60191	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-621	Trust: 0.6
db:	VULHUB	id:	VHN-385384	Trust: 0.1

sources: VULHUB: VHN-385384 // JVNDB: JVNDB-2021-007903 // CNNVD: CNNVD-202106-621 // NVD: CVE-2021-26314

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2021/06/09/2	Trust: 2.5
url:	https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/06/10/1	Trust: 1.7
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h36u6cnrec436w6gyo7qumjivea35scv/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sva2ny26mmxoodumyzn5dcu3fxmbmbob/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26314	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h36u6cnrec436w6gyo7qumjivea35scv/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sva2ny26mmxoodumyzn5dcu3fxmbmbob/	Trust: 0.7
url:	https://support.lenovo.com/us/en/product_security/len-60191	Trust: 0.6

sources: VULHUB: VHN-385384 // JVNDB: JVNDB-2021-007903 // CNNVD: CNNVD-202106-621 // NVD: CVE-2021-26314

SOURCES

db:	VULHUB	id:	VHN-385384
db:	JVNDB	id:	JVNDB-2021-007903
db:	CNNVD	id:	CNNVD-202106-621
db:	NVD	id:	CVE-2021-26314

LAST UPDATE DATE

2024-08-14T13:13:49.137000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-385384	date:	2022-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-007903	date:	2022-02-25T08:59:00
db:	CNNVD	id:	CNNVD-202106-621	date:	2023-07-03T00:00:00
db:	NVD	id:	CVE-2021-26314	date:	2023-11-07T03:31:41.703

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-385384	date:	2021-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-007903	date:	2022-02-25T00:00:00
db:	CNNVD	id:	CNNVD-202106-621	date:	2021-06-08T00:00:00
db:	NVD	id:	CVE-2021-26314	date:	2021-06-09T12:15:07.810