CVE-2021-1104

Published: Aug 13, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service.

Affected (1)

Products: Risc V: Instruction Set Manual

1 product

Instruction Set Manual

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Risc V Instruction Set Manual	All versions

Related CWEs

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (2)

https://riscv.org/news/2021/08/video-glitching-risc-v-chips-mtvec-corruption-for-hardening-isa-adam-zabrocki-and-alex-matrosov-def-con-29/

Source: psirt@nvidia.com

ExploitVendor Advisory

https://riscv.org/news/2021/08/video-glitching-risc-v-chips-mtvec-corruption-for-hardening-isa-adam-zabrocki-and-alex-matrosov-def-con-29/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.