{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-1104", "ASSIGNER": "psirt@nvidia.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "RISCV.org", "product": { "product_data": [ { "product_name": "Machine Trap Base Address (MTVEC) Register", "version": { "version_data": [ { "version_value": "All versions" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "information disclosure, data tampering and denial of service" } ] } ] }, "references": { "reference_data": [ { "refsource": "CONFIRM", "name": "https://riscv.org/news/2021/08/video-glitching-risc-v-chips-mtvec-corruption-for-hardening-isa-adam-zabrocki-and-alex-matrosov-def-con-29/", "url": "https://riscv.org/news/2021/08/video-glitching-risc-v-chips-mtvec-corruption-for-hardening-isa-adam-zabrocki-and-alex-matrosov-def-con-29/" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "The RISC-V Instruction Set Manual contains a documented ambiguity for the Machine Trap Vector Base Address (MTVEC) register that may lead to a vulnerability due to the initial state of the register not being defined, potentially leading to information disclosure, data tampering and denial of service." } ] } }