CVE-2021-26314

Name: CVE-2021-26314
Creator: NVD / NIST
Published: 2021-06-09T12:15:07.81+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.61%

Last modified Jun 17, 2026

CVE-2021-26314 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.. EPSS estimates a 0.61% chance of exploitation in the next 30 days.

Description

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.61%

44.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Xen	Xen	All versions
Arm	Cortex-A72	All versions
Broadcom	Bcm2711	All versions
Intel	Core I7-10700k	All versions
Intel	Core I7-7700k	All versions
Intel	Core I9-9900k	All versions
Intel	Xeon Silver 4214	All versions
Fedoraproject	Fedora	33
Fedoraproject	Fedora	34

References

http://www.openwall.com/lists/oss-security/2021/06/09/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/06/10/1Exploit, Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/06/09/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/06/10/1Exploit, Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB/
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003Vendor Advisory

Timeline

Published: Jun 9, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-26314?

How severe is CVE-2021-26314?

CVE-2021-26314 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.61% probability of exploitation in the next 30 days.

How do I fix CVE-2021-26314?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-26314?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST