Unspecified Initial State of MTVEC Register in RISC-V Instruction Set Manual: A Potential Vulnerability for Information Disclosure and Data Tampering

CVE-2021-1104 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service.

Learn more about our Web Application Penetration Testing UK.