CVE-2025-56301

7.5 HIGH

📋 TL;DR

This vulnerability in Rocket-Chip's CSR logic allows attackers to corrupt exception handling and privilege state transitions by triggering an exception during MRET instruction execution. This can lead to privilege escalation or system instability. It affects systems using vulnerable versions of the Rocket-Chip RISC-V processor implementation.

💻 Affected Systems

Products:
  • Chipsalliance Rocket-Chip RISC-V processor implementation
Versions: Commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) and potentially earlier versions
Operating Systems: Any OS running on vulnerable Rocket-Chip hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using the vulnerable CSR.scala implementation in machine mode operation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Privilege escalation from user mode to machine mode, allowing complete system compromise and arbitrary code execution at the highest privilege level.

🟠 Likely Case: System instability, crashes, or privilege escalation in multi-tenant environments where untrusted code runs on vulnerable hardware.

🟢 If Mitigated: Limited impact if systems run only trusted code or have additional hardware security mechanisms.

🌐 Internet-Facing: LOW - This is a hardware/processor-level vulnerability requiring local code execution.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or compromised internal systems running vulnerable hardware.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires detailed knowledge of RISC-V architecture and ability to execute arbitrary code on target system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check latest Rocket-Chip repository commits after 2025-01-29

Vendor Advisory: https://github.com/chipsalliance/rocket-chip

Restart Required: Yes

Instructions:

  1. Update to the latest Rocket-Chip repository version.
  2. Recompile and redeploy hardware designs.
  3. Update firmware/software to use the patched hardware.

🔧 Temporary Workarounds

Avoid MRET in machine mode
  Platform: all
  Action: Modify software to avoid using the MRET instruction in machine mode where possible
  Command: N/A - Requires code modifications

Exception handler hardening
  Platform: all
  Action: Implement additional checks in exception handlers to detect corrupted state
  Command: N/A - Requires firmware/software modifications

🧯 If You Can't Patch

  • Isolate systems with vulnerable hardware from untrusted networks and users
  • Implement strict access controls and monitoring on systems using vulnerable hardware

🔍 How to Verify

Check if Vulnerable:

Check whether the vulnerable commit is in your checkout's history. Note that `git log --oneline` prints abbreviated hashes, so grepping for the full 40-character hash there will never match; use the full-hash format instead: git log --format=%H | grep f517abbf41abb65cea37421d3559f9739efd00a9 (or: git merge-base --is-ancestor f517abbf41abb65cea37421d3559f9739efd00a9 HEAD). Presence of this commit only shows the affected code was once in your tree; it does not by itself tell you whether a later fix is also present.

Check Version:

git log --oneline -1

Verify Fix Applied:

Confirm your checkout contains commits newer than the affected one (git log --oneline | head -20) and compare against the upstream repository for the fix; the advisory does not name a specific fix commit, so check the Rocket-Chip history after 2025-01-29 for the CSR.scala change.

📡 Detection & Monitoring

Log Indicators:

  • Multiple simultaneous exception handling events
  • Unexpected privilege mode changes
  • System crashes during exception handling

Network Indicators:

  • N/A - Local hardware vulnerability

SIEM Query:

Search for: 'exception fault during MRET' OR 'privilege escalation attempt' OR 'CSR corruption'

🔗 References
