CVE-2021-1104
CRITICALRISC-V Instruction Set Manual - Use of Uninitialized Resource in MTVEC Register
Title source: llmDescription
The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service.
References (1)
Core 1
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://riscv.org/news/2021/08/video-glitching-risc-v-chips-mtvec-corruption-for-hardening-isa-adam-zabrocki-and-alex-matrosov-def-con-29/
Scores
CVSS v3
9.8
EPSS
0.0166
EPSS Percentile
73.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-908
Status
published
Products (1)
risc-v/instruction_set_manual
Published
Aug 13, 2021
Tracked Since
Feb 18, 2026