Vulnerability Details CVE-2025-63384
A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and before implementation where the SRET (Supervisor-mode Exception Return) instruction fails to correctly transition the processor's privilege level. Instead of downgrading from Machine-mode (M-mode) to Supervisor-mode (S-mode) as specified by the sstatus.SPP bit, the processor incorrectly remains in M-mode, leading to a critical privilege retention vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.6%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2025-63384
-
cpe:2.3:a:chipsalliance:rocketchip:*