CVE-2025-45006

Published: Jul 1, 2025Modified: Jul 3, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violates privileged spec constraints, enabling potential physical memory access attacks.

Related CWEs

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (3)

https://github.com/chipsalliance/rocket-chip.git

Source: cve@mitre.org

https://github.com/heyfenny/Vulnerability_disclosure/blob/main/RISCV/Rocket-chip/CVE-2025-45006/details.md

Source: cve@mitre.org

https://lf-riscv.atlassian.net/wiki/spaces/HOME/pages/16154769/RISC-V+Technical+Specifications#ISA-Specifications

Source: cve@mitre.org

Timeline

No history available yet.