CVE-2025-8774 | riscv-boom SonicBOOM up to 2.2.3 L1 Data Cache timing discrepancy (EUVD-2025-24063)
A vulnerability described as problematic has been identified in riscv-boom SonicBOOM up to 2.2.3. Affected is an unknown function of the component L1 Data Cache Handler. The manipulation results in observable timing discrepancy.
This vulnerability is identified as CVE-2025-8774. The attack is only possible with local access. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.