From Leakage to Exploitability: Empirical Study of Cross-Process L1 Prime+Probe on RISC-V
2026-06-09 , Poster Island A

Cache timing attacks against AES are well studied on x86 and ARM, but their end-to-end exploitability on commercially deployed RISC-V systems under realistic OS scheduling is less well documented. This paper presents an experimental evaluation of a Prime+Probe attack targeting the private L1 data cache of a PolarFire SoC RISC-V platform running Linux, where attacker and victim are independent user-space processes time-multiplexed on the same core. We separate the attack into three stages: leakage observability, cache-set classification, and key inference. We show that first-round T-table lookups induce measurable per-set interference that enables reliable inference of the most significant 4 bits of each AES key byte. We also find substantial cache-set variability, highlighting a practical gap between observable leakage and end-to-end exploitability on real RISC-V systems.
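The abstract's claim that first-round T-table leakage exposes only the top 4 bits of each key byte follows from cache-line granularity: a lookup into T[p ^ k] reveals which line of the table was touched, not which entry within it. The following simulation is an added example, not code from the poster or its authors; it assumes 64-byte cache lines and 4-byte T-table entries (16 entries per line), and it models the cache-set classification stage as an idealized oracle that returns the wrong line with a fixed probability (`noise`), a stand-in for the cache-set variability the paper reports. It shows why the low nibble is unrecoverable from this stage and how the key-inference stage tolerates classification errors by voting over many plaintexts.

```python
"""Simulation of first-round AES T-table leakage at cache-line granularity.

Added example (not from the poster). Assumptions: 64-byte L1D lines and
32-bit T-table entries, so 16 entries share a line and a first-round lookup
T[p ^ k] exposes only (p ^ k) >> 4. The classifier is modelled as an oracle
that returns the correct line with probability 1 - noise, else a random line.
"""
import random

ENTRY_BYTES = 4                                   # assumption: 32-bit T-table entries
LINE_BYTES = 64                                   # assumption: 64-byte cache line
ENTRIES_PER_LINE = LINE_BYTES // ENTRY_BYTES      # 16 entries per line
HIDDEN_BITS = ENTRIES_PER_LINE.bit_length() - 1   # 4 low index bits never observable


def touched_line(plaintext_byte: int, key_byte: int) -> int:
    """Line of the T-table touched by the first-round lookup T[p ^ k]."""
    return (plaintext_byte ^ key_byte) >> HIDDEN_BITS


def noisy_observation(plaintext_byte: int, key_byte: int,
                      noise: float, rng: random.Random) -> int:
    """Idealized classifier output: correct line, or a random line with prob. noise."""
    if rng.random() < noise:
        return rng.randrange(ENTRIES_PER_LINE)
    return touched_line(plaintext_byte, key_byte)


def infer_high_nibble(observations):
    """Key-inference stage: score each candidate high nibble of k.

    Each (p, line) pair votes for the candidate c with (p >> 4) ^ c == line.
    Returns (best_candidate, margin) where margin = votes(best) - votes(runner_up);
    a small margin signals that the leakage was not reliably exploitable.
    """
    votes = [0] * ENTRIES_PER_LINE
    for p, line in observations:
        for cand in range(ENTRIES_PER_LINE):
            if ((p >> HIDDEN_BITS) ^ cand) == line:
                votes[cand] += 1
    ranked = sorted(range(ENTRIES_PER_LINE), key=lambda c: votes[c], reverse=True)
    return ranked[0], votes[ranked[0]] - votes[ranked[1]]


def simulate(key_byte: int, n_samples: int, noise: float, seed: int = 0):
    """Run n_samples random plaintext bytes through the noisy oracle and infer k >> 4."""
    rng = random.Random(seed)
    observations = []
    for _ in range(n_samples):
        p = rng.randrange(256)                    # constructed random plaintext byte
        observations.append((p, noisy_observation(p, key_byte, noise, rng)))
    return infer_high_nibble(observations)


if __name__ == "__main__":
    k = 0x5A                                      # constructed sample key byte
    # Low nibble is invisible: changing it never changes the touched line.
    assert all(touched_line(p, k) == touched_line(p, k ^ 0x0F) for p in range(256))
    for noise in (0.0, 0.3, 0.6):
        best, margin = simulate(k, n_samples=200, noise=noise, seed=1)
        print(f"noise={noise:.1f}: inferred high nibble 0x{best:X} "
              f"(true 0x{k >> 4:X}), margin={margin}")
```

The `margin` value is the quantity a practitioner would watch when judging exploitability rather than mere leakage: as classification noise grows, the winning candidate's lead over the runner-up shrinks and more samples are needed before the inference is trustworthy. A real classifier's errors are not uniformly random as modelled here; sets that alias with unrelated activity produce correlated errors, which is exactly the variability the paper identifies as the gap between observable leakage and end-to-end exploitability.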

Gianmarco Fortunelli is an Electronic Engineering student at Politecnico di Torino and EURECOM, focusing on embedded systems, hardware security, and computer architecture. His work spans RISC-V security research and digital design, with a strong interest in efficient and secure computing.