← Back to CVEs
CVE-2021-40507
CRITICAL9.8
Description
An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated correctly for the subtract instruction, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published4/18/2023
Last Modified2/6/2025
Sourcenvd
Honeypot Sightings0
Affected Products
openrisc:or1200openrisc:or1200_firmware
Weaknesses (CWE)
CWE-287CWE-287
References
https://seth.engr.tamu.edu/software-releases/thehuzz/(cve@mitre.org)
https://github.com/openrisc/or1200/commit/2c0765d7ba12813df273cd693a99c4e744f0fbd5(af854a3a-2127-422b-91ae-364da2661108)
https://seth.engr.tamu.edu/software-releases/thehuzz/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.