CVE-2025-50897: n/a

High
Published: Tue Aug 19 2025 (08/19/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO access fault during store instructions (sd). This occurs despite the presence of proper page table entries and valid memory access modes. The fault is reproducible when transitioning into virtual memory and attempting store operations in mapped kernel memory, indicating a potential flaw in the MMU, PMP, or memory access enforcement logic. This may cause unexpected kernel panics or denial of service in systems using BOOMv1.2.

AI-Powered Analysis

Last updated: 08/19/2025, 15:17:57 UTC

Technical Analysis

CVE-2025-50897 identifies a vulnerability in the RISC-V BOOM (Berkeley Out-of-Order Machine) SonicBOOM processor implementation version 1.2 (BOOMv1.2). Specifically, the flaw lies in the handling of virtual-to-physical address translations under the SV39 virtual memory mode. The vulnerability manifests when page table entries (PTEs) with write permissions (PTE_W) are correctly configured, yet store instructions (such as 'sd' - store doubleword) trigger Store/AMO (Atomic Memory Operation) access faults unexpectedly. This indicates a malfunction in the Memory Management Unit (MMU), Physical Memory Protection (PMP), or related memory access enforcement logic. The issue arises during transitions into virtual memory and attempts to perform store operations on mapped kernel memory regions. Despite valid page tables and proper access rights, the processor erroneously raises access faults, which can lead to kernel panics or denial of service (DoS) conditions. This vulnerability is particularly critical in systems relying on BOOMv1.2 processors for kernel-level operations, as it undermines memory access reliability and system stability. No known exploits are reported in the wild, and no patches or fixes have been linked yet. The absence of a CVSS score suggests this is a newly disclosed vulnerability requiring further assessment and mitigation planning.
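To make the symptom concrete for fault triage, the following added example (not code from the advisory or from the BOOM project) classifies a recorded store fault against the Sv39 leaf PTE that mapped the address. The flag bit positions and scause codes come from the RISC-V privileged specification; the function names, the verdict enum and the `pmp_allows_write` input are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Sv39 leaf PTE flag bits and scause codes, per the RISC-V privileged spec. */
#define PTE_V (1ULL << 0)
#define PTE_R (1ULL << 1)
#define PTE_W (1ULL << 2)
#define PTE_U (1ULL << 4)
#define PTE_A (1ULL << 6)
#define PTE_D (1ULL << 7)
#define CAUSE_STORE_ACCESS_FAULT 7ULL  /* PMP/PMA denial or bus error */
#define CAUSE_STORE_PAGE_FAULT   15ULL /* translation or permission failure */

enum verdict {
    NOT_A_STORE_FAULT,
    EXPECTED_PAGE_FAULT,  /* the PTE really does forbid the store */
    EXPECTED_PMP_DENIAL,  /* access fault explained by PMP configuration */
    NEEDS_REVIEW,         /* fault type and PTE state disagree */
    MATCHES_ADVISORY      /* cause 7 although PTE and PMP both allow the store */
};

/* True if this leaf PTE architecturally permits a supervisor-mode store. */
bool sv39_leaf_allows_s_store(uint64_t pte, bool sstatus_sum)
{
    if (!(pte & PTE_V)) return false;                   /* invalid entry */
    if (!(pte & PTE_R) || !(pte & PTE_W)) return false; /* needs W; W without R is reserved */
    if ((pte & PTE_U) && !sstatus_sum) return false;    /* user page, SUM clear */
    /* A=0 or D=0 may page-fault on cores that do not update them in hardware */
    return (pte & PTE_A) && (pte & PTE_D);
}

/* pmp_allows_write is the caller's own finding from decoding pmpcfg/pmpaddr
 * for the target physical address (hypothetical input, not computed here). */
enum verdict triage_store_fault(uint64_t scause, uint64_t leaf_pte,
                                bool sstatus_sum, bool pmp_allows_write)
{
    bool pte_ok = sv39_leaf_allows_s_store(leaf_pte, sstatus_sum);

    if (scause == CAUSE_STORE_PAGE_FAULT)
        return pte_ok ? NEEDS_REVIEW : EXPECTED_PAGE_FAULT;
    if (scause != CAUSE_STORE_ACCESS_FAULT)
        return NOT_A_STORE_FAULT;
    if (!pmp_allows_write)
        return EXPECTED_PMP_DENIAL;
    return pte_ok ? MATCHES_ADVISORY : NEEDS_REVIEW;
}
```

A `MATCHES_ADVISORY` verdict only says the fault is consistent with the behaviour described here; PMP also applies to the page-table walk itself, so the table pages need the same check before drawing a conclusion.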

Potential Impact

For European organizations deploying systems based on the BOOMv1.2 RISC-V processor, this vulnerability poses a risk of unexpected system crashes and denial of service, especially in environments where kernel memory operations are frequent and critical. The impact is primarily on system availability and reliability, as kernel panics can disrupt services, cause data loss, or require system reboots. Organizations running critical infrastructure, embedded systems, or edge computing devices using this processor may experience operational interruptions. Since the fault occurs despite correct memory permissions, it complicates troubleshooting and may delay incident response. Confidentiality and integrity impacts appear limited, as the vulnerability does not directly enable unauthorized data access or modification but rather causes faults during legitimate write operations. However, repeated denial of service could indirectly affect business continuity and service-level agreements. European sectors such as telecommunications, industrial control systems, and research institutions experimenting with RISC-V architectures could be affected. The lack of known exploits reduces immediate risk, but the vulnerability's presence in kernel-level memory management warrants prompt attention.

Mitigation Recommendations

Given the nature of the vulnerability, mitigation should focus on the following practical steps:

1) Immediate assessment of all deployed systems using BOOMv1.2 processors to identify exposure.
2) Where possible, disable or avoid using SV39 virtual memory mode or store instructions that trigger the fault until a patch or microcode update is available.
3) Engage with processor vendors and open-source communities maintaining BOOM implementations to obtain patches or workarounds.
4) Implement enhanced monitoring for kernel panics and memory access faults to detect exploitation attempts or fault occurrences early.
5) For systems in development or testing, consider switching to alternative RISC-V cores or processor versions without this flaw.
6) Employ redundancy and failover mechanisms to mitigate potential denial of service impacts.
7) Review and harden kernel memory management configurations to minimize transitions that trigger the fault.
8) Maintain up-to-date backups and incident response plans tailored to handle unexpected system crashes.

These steps go beyond generic advice by focusing on processor-specific configurations, vendor engagement, and operational continuity planning.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68a49216ad5a09ad00f89be3

Added to database: 8/19/2025, 3:02:46 PM

Last enriched: 8/19/2025, 3:17:57 PM

Last updated: 8/19/2025, 3:17:57 PM
