Vulnerabilities > CVE-2021-1104 - Use of Uninitialized Resource vulnerability in Risc-V Instruction SET Manual

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

risc-v

CWE-908

critical

NVD

Published: 2021-08-13

Updated: 2021-08-23

Summary

The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Risc-V Risc V Instruction SET Manual *	1

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

References

https://riscv.org/news/2021/08/video-glitching-risc-v-chips-mtvec-corruption-for-hardening-isa-adam-zabrocki-and-alex-matrosov-def-con-29/