Vulnerability Description
A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Boom-Core | Risvc-Boom | <= 2.2.3 |
Related Weaknesses (CWE)
References
- https://github.com/fizz-is-on-the-way/vuls_cpu/tree/master/MSHRushBroken Link
- https://vuldb.com/?ctiid.319297Permissions RequiredVDB Entry
- https://vuldb.com/?id.319297Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.625550Third Party AdvisoryVDB Entry
- https://github.com/fizz-is-on-the-way/vuls_cpu/tree/master/MSHRushBroken Link
FAQ
What is CVE-2025-8774?
CVE-2025-8774 is a vulnerability with a CVSS score of 2.5 (LOW). A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The...
How severe is CVE-2025-8774?
CVE-2025-8774 has been rated LOW with a CVSS base score of 2.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-8774?
Check the references section above for vendor advisories and patch information. Affected products include: Boom-Core Risvc-Boom.