← Back

CVE-2025-50897

nvd nist
Published: Aug 19, 2025Modified: Oct 17, 2025

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.7 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO access fault during store instructions (sd). This occurs despite the presence of proper page table entries and valid memory access modes. The fault is reproducible when transitioning into virtual memory and attempting store operations in mapped kernel memory, indicating a potential flaw in the MMU, PMP, or memory access enforcement logic. This may cause unexpected kernel panics or denial of service in systems using BOOMv1.2.

Affected (1)

Products: Boom Core: Boomv
Boom Core
1 product
Boomv
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Boomv
Version 1.2

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-693
Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (3)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Product
Source: cve@mitre.org
Product

Timeline

No history available yet.