CVE-2025-50897

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-50897
A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO access fault during store instructions (sd). This occurs despite the presence of proper page table entries and valid memory access modes. The fault is reproducible when transitioning into virtual memory and attempting store operations in mapped kernel memory, indicating a potential flaw in the MMU, PMP, or memory access enforcement logic. This may cause unexpected kernel panics or denial of service in systems using BOOMv1.2.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/LuLuji04/POC-Boomv1.2
https://github.com/riscv-boom/riscv-boom
https://github.com/riscv-software-src/riscv-isa-sim
Configurations

No configuration.

History

20 Aug 2025, 14:40

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad en la implementación del procesador riscv-boom SonicBOOM 1.2 (BOOMv1.2). Las traducciones de direcciones virtuales a físicas válidas configuradas con permisos de escritura (PTE_W) en modo SV39 pueden generar incorrectamente un fallo de acceso a la memoria/AMO durante las instrucciones de almacenamiento (sd). Esto ocurre a pesar de la presencia de entradas correctas en la tabla de páginas y modos de acceso a memoria válidos. El fallo se reproduce al realizar la transición a memoria virtual e intentar realizar operaciones de almacenamiento en la memoria del kernel mapeada, lo que indica una posible falla en la MMU, PMP o la lógica de aplicación de acceso a memoria. Esto puede causar pánicos de kernel inesperados o denegación de servicio en sistemas que utilizan BOOMv1.2.

19 Aug 2025, 19:15

Type Values Removed Values Added
CWE CWE-284
CWE-693
CWE-434
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.3

19 Aug 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-19 15:15

Updated : 2025-08-20 14:40

NVD link : CVE-2025-50897

Mitre link : CVE-2025-50897

CVE.ORG link : CVE-2025-50897

JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-693

Protection Mechanism Failure