{"api_version":"1","generated_at":"2026-04-23T11:34:58+00:00","cve":"CVE-2021-40507","urls":{"html":"https://cve.report/CVE-2021-40507","api":"https://cve.report/api/cve/CVE-2021-40507.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-40507","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-40507"},"summary":{"title":"CVE-2021-40507","description":"An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated correctly for the subtract instruction, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-04-18 12:15:00","updated_at":"2023-04-27 15:41:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://seth.engr.tamu.edu/software-releases/thehuzz/","name":"https://seth.engr.tamu.edu/software-releases/thehuzz/","refsource":"MISC","tags":[],"title":"New vulnerabilities detected by our hardware fuzzer, TheHuzz","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/openrisc/or1200/commit/2c0765d7ba12813df273cd693a99c4e744f0fbd5","name":"https://github.com/openrisc/or1200/commit/2c0765d7ba12813df273cd693a99c4e744f0fbd5","refsource":"MISC","tags":[],"title":"or1200: add carry, overflow bits, and range exception · openrisc/or1200@2c0765d · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-40507","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40507","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"40507","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"openrisc","cpe5":"or1200","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"40507","vulnerable":"1","versionEndIncluding":"2015-11-11","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"openrisc","cpe5":"or1200_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-40507","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated correctly for the subtract instruction, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience corruption in execution."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/openrisc/or1200/commit/2c0765d7ba12813df273cd693a99c4e744f0fbd5","refsource":"MISC","name":"https://github.com/openrisc/or1200/commit/2c0765d7ba12813df273cd693a99c4e744f0fbd5"},{"refsource":"MISC","name":"https://seth.engr.tamu.edu/software-releases/thehuzz/","url":"https://seth.engr.tamu.edu/software-releases/thehuzz/"}]}},"nvd":{"publishedDate":"2023-04-18 12:15:00","lastModifiedDate":"2023-04-27 15:41:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:openrisc:or1200_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"2011-09-10","versionEndIncluding":"2015-11-11","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:openrisc:or1200:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"40507","Ordinal":"216245","Title":"CVE-2021-40507","CVE":"CVE-2021-40507","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"40507","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}