CVE-2025-63384
BaseFortify
Publication date: 2025-11-10
Last updated on: 2026-02-05
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chipsalliance | rocketchip | to 1.6 (exc) |
| risc-v | rocket-chip | 1.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in RISC-V Rocket-Chip v1.6 and earlier, where the SRET (Supervisor-mode Exception Return) instruction does not correctly change the processor's privilege level from Machine-mode (M-mode) to Supervisor-mode (S-mode) as intended. Instead, the processor remains in the higher privilege M-mode, causing a critical privilege retention issue.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized retention of high-level privileges (Machine-mode) when the system should have downgraded to a lower privilege level (Supervisor-mode). This can allow malicious code or attackers to maintain elevated privileges, potentially leading to unauthorized access, control over the system, or bypassing security mechanisms.