CVE-2021-26313

Description

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

How to fix CVE-2021-26313

To remediate CVE-2021-26313, upgrade the affected package to a fixed version below.

Debian/xen—upgrade to 4.14.2+25-gb6a8c4f72d-1 or later

Is CVE-2021-26313 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 4.14.2+25-gb6a8c4f72d-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-26313