CVE-2025-50897 — MEDIUM (4.3)

Vulnerability Description

A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO access fault during store instructions (sd). This occurs despite the presence of proper page table entries and valid memory access modes. The fault is reproducible when transitioning into virtual memory and attempting store operations in mapped kernel memory, indicating a potential flaw in the MMU, PMP, or memory access enforcement logic. This may cause unexpected kernel panics or denial of service in systems using BOOMv1.2.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Boom-Core	Boomv	1.2

Related Weaknesses (CWE)

CWE-434 CWE-693 CWE-284

References

https://github.com/LuLuji04/POC-Boomv1.2ExploitThird Party Advisory
https://github.com/riscv-boom/riscv-boomProduct
https://github.com/riscv-software-src/riscv-isa-simProduct

FAQ

What is CVE-2025-50897?

CVE-2025-50897 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may ...

How severe is CVE-2025-50897?

CVE-2025-50897 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-50897?

Check the references section above for vendor advisories and patch information. Affected products include: Boom-Core Boomv.