CVE-2025-56301

An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and MRET return mechanisms in the CSR logic when an exception is triggered during MRET execution. The Control and Status Register (CSR) logic has a flawed interaction between exception handling and exception return (MRET) mechanisms which can cause faulty trap behavior. When the MRET instruction is executed in machine mode without being in an exception state, an Instruction Access Fault may be triggered. This results in both the exception handling logic and the exception return logic activating simultaneously, leading to conflicting updates to the control and status registers.

An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and MRET return mechanisms in the CSR logic when an exception is triggered during MRET execution. The Control and Status Register (CSR) logic has a flawed interaction between exception handling and exception return (MRET) mechanisms which can cause faulty trap behavior. When the MRET instruction is executed in machine mode without being in an exception state, an Instruction Access Fault may be triggered. This results in both the exception handling logic and the exception return logic activating simultaneously, leading to conflicting updates to the control and status registers.

Se descubrió un problema en Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) que permite a los atacantes corromper el manejo de excepciones y las transiciones de estado de privilegio a través de una interacción defectuosa entre el manejo de excepciones y los mecanismos de retorno MRET en la lógica del CSR cuando se activa una excepción durante la ejecución de MRET. La lógica del Registro de Control y Estado (CSR) tiene una interacción defectuosa entre los mecanismos de manejo de excepciones y de retorno de excepciones (MRET), lo que puede causar un comportamiento de trampa defectuoso. Cuando la instrucción MRET se ejecuta en modo máquina sin estar en un estado de excepción, se puede activar una Falla de Acceso a Instrucción. Esto resulta en que tanto la lógica de manejo de excepciones como la lógica de retorno de excepciones se activen simultáneamente, lo que lleva a actualizaciones conflictivas en los registros de control y estado.