CVE-2021-26314 — Observable Timing Discrepancy in AMD ALL Supported Processors

CWE-208 — Observable Timing Discrepancy CWE-203 — Observable Discrepancy CWE-668 — Resource Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 74.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD ALL Supported Processors Fedoraproject Fedora

Timeline

PublishedJun 9

Latest updateMay 24

Description

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶CVEListV5amd/all_supported_processorsunspecified — undefined

Also affects: Fedora 33, 34

🔴Vulnerability Details

GHSA

GHSA-92cv-8jc7-jrpm: Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution↗2022-05-24

▶

OSV

CVE-2021-26314: Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution↗2021-06-09

▶