Description

A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO access fault during store instructions (sd). This occurs despite the presence of proper page table entries and valid memory access modes. The fault is reproducible when transitioning into virtual memory and attempting store operations in mapped kernel memory, indicating a potential flaw in the MMU, PMP, or memory access enforcement logic. This may cause unexpected kernel panics or denial of service in systems using BOOMv1.2.

INFO

Published Date :

2025-08-19T00:00:00.000Z

Last Modified :

2025-08-19T18:20:07.257Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-50897 vulnerability.

Vendors Products
Boom-core
  • Boomv
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-50897.

URL Resource
https://github.com/LuLuji04/POC-Boomv1.2 cve-icon cve-icon
https://github.com/riscv-boom/riscv-boom cve-icon cve-icon
https://github.com/riscv-software-src/riscv-isa-sim cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact