CVE-2025-56301

Oct. 1, 2025, 8:18 p.m.

7.5
High

Description

An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and MRET return mechanisms in the CSR logic when an exception is triggered during MRET execution. The Control and Status Register (CSR) logic has a flawed interaction between exception handling and exception return (MRET) mechanisms which can cause faulty trap behavior. When the MRET instruction is executed in machine mode without being in an exception state, an Instruction Access Fault may be triggered. This results in both the exception handling logic and the exception return logic activating simultaneously, leading to conflicting updates to the control and status registers.

Product(s) Impacted

Vendor Product Versions
Chipsalliance
  • Rocket-chip
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1281
Sequence of Processor Instructions Leads to Unexpected Behavior
Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset performed.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a chipsalliance rocket-chip / / / / / / / /

References

https://github.com/chipsalliance/rocket-chip
https://github.com/chipsalliance/rocket-chip/blob/f517abbf41abb65cea37421d3559f9739efd00a9/src/main/scala/rocket/CSR.scala
https://github.com/chipsalliance/rocket-chip/blob/master/src/main/scala/rocket/CSR.scala
https://github.com/heyfenny/Vulnerability_disclosure/blob/main/RISCV/Rocket-chip/CVE-2025-56301/details.md
https://lf-riscv.atlassian.net/wiki/spaces/HOME/pages/16154769/RISC-V+Technical+Specifications#ISA-Specifications

Tags

cve@mitre.org
CWE-1281
2025-09-30
CVE-2025-56301

CVSS Score

7.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Sept. 30, 2025, 3:15 p.m.
Last Modified: Oct. 1, 2025, 8:18 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.