exploitDog

CVE-2021-1104

Опубликовано: 13 авг. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service.

Ссылки

https://riscv.org/news/2021/08/video-glitching-risc-v-chips-mtvec-corruption-for-hardening-isa-adam-zabrocki-and-alex-matrosov-def-con-29/
Exploit
Vendor Advisory
https://riscv.org/news/2021/08/video-glitching-risc-v-chips-mtvec-corruption-for-hardening-isa-adam-zabrocki-and-alex-matrosov-def-con-29/
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:risc-v:instruction_set_manual:*:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00566

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-908

Связанные уязвимости

GHSA-5pxp-m22f-2m9x

github

больше 3 лет назад

The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service.

EPSS

Процентиль: 68%

0.00566

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-908