Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-45006

Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violates privileged spec constraints, enabling potential physical memory access attacks.

Published

2025-07-01T20:15:24.993

Last Modified

2025-07-03T15:14:12.767

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Secondary
CWE-266

Affected Vendors & Products

References

https://github.com/chipsalliance/rocket-chip.git ([email protected])
https://github.com/heyfenny/Vulnerability_disclosure/blob/main/RISCV/Rocket-chip/CVE-2025-45006/details.md ([email protected])
https://lf-riscv.atlassian.net/wiki/spaces/HOME/pages/16154769/RISC-V+Technical+Specifications#ISA-Specifications ([email protected])