CVE-2025-8774
BaseFortify
Publication date: 2025-08-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| boom-core | risvc-boom | to 2.2.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-208 | Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the L1 Data Cache Handler component of riscv-boom SonicBOOM up to version 2.2.3. It involves manipulation that leads to observable timing discrepancies. Exploiting this vulnerability requires local access and is considered difficult due to high attack complexity.
How can this vulnerability impact me? :
The vulnerability could potentially allow an attacker with local access to observe timing discrepancies in the L1 Data Cache Handler, which might be used to infer sensitive information. However, the attack is difficult to perform and requires high complexity, limiting its practical impact.