L1 Data Cache Handler Vulnerability in riscv-boom by Unknown Vendor
CVE-2025-8774

2LOW

Key Information:

Vendor

Riscv-boom

Status
Sonicboom
Vendor
CVE Published:
9 August 2025

What is CVE-2025-8774?

A timing discrepancy vulnerability has been identified in the L1 Data Cache Handler component of riscv-boom SonicBOOM, affecting all versions up to 2.2.3. This flaw allows an attacker with local access to exploit observable discrepancies in timing, which may lead to unauthorized information exposure. The difficulty of executing this attack is high, and it requires a specific set of conditions to succeed. Despite early notifications of this vulnerability, the vendor has not issued a response or provided any remedial measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SonicBOOM 2.2.0

SonicBOOM 2.2.1

SonicBOOM 2.2.2

References

https://vuldb.com/?id.319297
vdb-entry
https://vuldb.com/?ctiid.319297
signaturepermissions-required
https://vuldb.com/?submit.625550
third-party-advisory

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lcyf-fizz (VulDB User)
JSON
.