CVE-2021-26313
Publication date 9 June 2021
Last updated 11 July 2025
Ubuntu priority
Description
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| xen | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal | Ignored end of standard support, was needs-triage | |
| 18.04 LTS bionic | Ignored end of standard support, was needs-triage | |
Notes
mdeslaur
hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
Other references
- https://xenbits.xen.org/xsa/advisory-375.html
- https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
- http://www.openwall.com/lists/oss-security/2021/06/09/2
- http://xenbits.xen.org/xsa/advisory-375.html
- http://www.openwall.com/lists/oss-security/2021/06/10/1
- http://www.openwall.com/lists/oss-security/2021/06/10/11
- http://www.openwall.com/lists/oss-security/2021/06/10/10
- https://www.cve.org/CVERecord?id=CVE-2021-26313