{"api_version":"1","generated_at":"2026-04-23T11:34:50+00:00","cve":"CVE-2021-41612","urls":{"html":"https://cve.report/CVE-2021-41612","api":"https://cve.report/api/cve/CVE-2021-41612.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-41612","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-41612"},"summary":{"title":"CVE-2021-41612","description":"An issue was discovered in the ALU unit of the OpenRISC mor1kx processor. The carry flag is not being updated correctly for the subtract instruction, which results in an incorrect value of the carry flag. Any software that relies on this flag may experience corruption in execution.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-04-18 12:15:00","updated_at":"2023-04-27 19:46:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://seth.engr.tamu.edu/software-releases/thehuzz/","name":"https://seth.engr.tamu.edu/software-releases/thehuzz/","refsource":"MISC","tags":[],"title":"New vulnerabilities detected by our hardware fuzzer, TheHuzz","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/openrisc/mor1kx/issues/139","name":"https://github.com/openrisc/mor1kx/issues/139","refsource":"MISC","tags":[],"title":"The carry flag implementation is not correct for subtract instructions · Issue #139 · openrisc/mor1kx · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-41612","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41612","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"41612","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"openrisc","cpe5":"mor1kx","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"41612","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"openrisc","cpe5":"mor1kx_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-41612","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in the ALU unit of the OpenRISC mor1kx processor. The carry flag is not being updated correctly for the subtract instruction, which results in an incorrect value of the carry flag. Any software that relies on this flag may experience corruption in execution."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/openrisc/mor1kx/issues/139","refsource":"MISC","name":"https://github.com/openrisc/mor1kx/issues/139"},{"refsource":"MISC","name":"https://seth.engr.tamu.edu/software-releases/thehuzz/","url":"https://seth.engr.tamu.edu/software-releases/thehuzz/"}]}},"nvd":{"publishedDate":"2023-04-18 12:15:00","lastModifiedDate":"2023-04-27 19:46:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:openrisc:mor1kx_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:openrisc:mor1kx:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"41612","Ordinal":"217414","Title":"CVE-2021-41612","CVE":"CVE-2021-41612","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"41612","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}