Open-Source RISC-V Processor Improper Privileged Status Bit Retention Vulnerability

Vulnerability

A vulnerability exists in the Open-Source RISC-V Processor, specifically in the Rocket Chip repository, commit f517abb. The issue arises from improper retention of the mstatus.SUM bit, which remains non-zero, violating privileged specification constraints. This flaw could enable physical memory access attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized physical memory access.

Added: Jul 1, 2025, 9:03 PM

Updated: Jul 1, 2025, 9:03 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Open-Source RISC-V Processor Improper Privileged Status Bit Retention Vulnerability

Vulnerability

Impact

Affected Products

chipsalliance/rocket-chip

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating