CVE-2025-8774

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-8774
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8774.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-8774
Published
2025-08-09T21:15:25.650Z
Modified
2026-03-14T15:05:20.763758Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/riscv-boom/riscv-boom

Affected ranges

Type
GIT
Repo
https://github.com/riscv-boom/riscv-boom
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a88fe70c81c33fb4773d52a529633029fa6eb9af
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.3"
        }
    ]
}

Affected versions

2.*
2.2.2
2.2.3
v1.*
v1.0
v2.*
v2.0
v2.0.1
v2.1.0
v2.1.1
v2.2.0
v2.2.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8774.json"