CVE-2021-40507

CRITICAL

OpenRISC OR1200 Firmware 2011-09-10-2015-11-11 - Incorrect Overflow Flag Update in ALU Subtract Instruction

Title source: llm

Description

An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated correctly for the subtract instruction, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution.

References (2)

Core 2

Core References

Patch

https://github.com/openrisc/or1200/commit/2c0765d7ba12813df273cd693a99c4e744f0fbd5

View Patch ZIP pw:eip

Third Party Advisory

https://seth.engr.tamu.edu/software-releases/thehuzz/

Scores

CVSS v3 9.8

EPSS 0.0073

EPSS Percentile 49.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-287

Status published

Products (1)

openrisc/or1200_firmware 2011-09-10 - 2015-11-11

Published Apr 18, 2023

Tracked Since Feb 18, 2026