CVE-2021-41613

{"id": "CVE-2021-41613", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-04-18T12:15:07.393", "references": [{"url": "https://github.com/openrisc/mor1kx/issues/141", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://seth.engr.tamu.edu/software-releases/thehuzz/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/openrisc/mor1kx/issues/141", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seth.engr.tamu.edu/software-releases/thehuzz/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register (EEAR) is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR."}], "lastModified": "2024-11-21T06:26:31.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:openrisc:mor1kx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FF76CF3-B897-4EBC-9560-AD45017EA68F", "versionEndExcluding": "5.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:openrisc:mor1kx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "50F3984D-18C3-44C7-B77C-AC431ECD60CB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}