
GhostWrite vulnerability exploits architectural bug in RISC-V CPU to gain root access



At the Black Hat cybersecurity conference in Las Vegas, a team of researchers just let the cat out of the bag about a new vulnerability affecting a very popular RISC-V CPU. The GhostWrite vulnerability affects the XuanTie C910 and C920 CPUs by Chinese chip company T-Head. The flaw allows attackers to gain root access or even pull the administrator password from system memory.

The researchers, from CISPA Helmholtz Center for Information Security in Germany, unveiled the flaw and noted several devices susceptible to it. While they say the vulnerability does not yet appear to be exploited in the wild, it’s a serious issue. Most of the CPU attacks found in recent years have been side-channel or transient execution attacks, but that’s not the case with GhostWrite.

GhostWrite is the result of an architectural flaw, a hardware bug in the XuanTie C910 and C920 CPUs. These are only two of many RISC-V CPUs, but they are widely used for a variety of applications. According to the research team, vulnerable devices include:

  • Scaleway Elastic Metal RV1, bare-metal C910 cloud instances
  • Milk-V Pioneer, 64-core desktop/server
  • Lichee Cluster 4A, compute cluster
  • Lichee Book 4A, laptop
  • Lichee Console 4A, tiny laptop
  • Lichee Pocket 4A, gaming console
  • Sipeed Lichee Pi 4A, single-board computer (SBC)
  • Milk-V Meles, SBC
  • BeagleV-Ahead, SBC

Since GhostWrite is a hardware flaw, it cannot be fixed with a simple software update or patch. The team found the exploit 100% reliable, taking only microseconds to execute. It’s even able to bypass Docker containerization and other forms of sandboxing.

The only way the researchers found to mitigate the vulnerability was to disable the vector extension for the CPU. RISC-V processors use the vector extension add-on to handle larger data values than the base Instruction Set Architecture (ISA) can process.

Disabling the RISC-V vector extension means disabling roughly 50% of the instruction set for the CPU. In testing, the researchers found an […] (PDF) when disabling the vector extension. This, naturally, may not be an acceptable solution for most uses.

The CISPA Helmholtz team reported the bug to T-Head, which acknowledged and reproduced it. However, the manufacturer hasn’t commented on any fixes for the flaw.
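As an added example (not from the article or the researchers), the following Python script inventories a Linux RISC-V host for the C910/C920 cores named above and reports whether the kernel advertises a vector extension, the feature the mitigation disables. The `mvendorid` value, the `uarch` strings and the `xtheadvector` name are assumptions about how Linux reports these cores, and the sample text is constructed.

```python
import re

# Assumptions, not from the article: Linux reports T-Head harts in
# /proc/cpuinfo with mvendorid 0x5b7 and a "thead,c910" / "thead,c920"
# uarch string, and names the vector extension in the "isa" line.
THEAD_MVENDORID = 0x5B7
AFFECTED_UARCH = {"thead,c910", "thead,c920"}
# Constructed sample: an affected hart with vectors advertised, and one without.
SAMPLE = """processor : 0
isa : rv64imafdcv
mvendorid : 0x5b7
uarch : thead,c910

processor : 1
isa : rv64imafdc_zicsr_zifencei
mvendorid : 0x5b7
uarch : thead,c910
"""

def parse_cpuinfo(text):
    """Split cpuinfo text into one lower-cased key/value dict per hart."""
    harts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        harts.append({k.strip().lower(): v.strip().lower() for k, s, v in pairs if s})
    return harts

def vector_exposed(isa):
    """True if the ISA string lists V (single letter) or xtheadvector."""
    base, *multi = isa.split("_")
    return "v" in re.sub(r"^rv(32|64|128)", "", base) or "xtheadvector" in multi

def assess(text):
    """Return {processor: status} for each hart in the cpuinfo text."""
    out = {}
    for h in parse_cpuinfo(text):
        vendor = h.get("mvendorid", "")
        thead = bool(re.fullmatch(r"0x[0-9a-f]+", vendor)) and int(vendor, 16) == THEAD_MVENDORID
        if h.get("uarch") in AFFECTED_UARCH:
            on = vector_exposed(h.get("isa", ""))
            status = "affected-core-vector-" + ("on" if on else "off")
        else:
            status = "thead-core-unidentified" if thead else "not-listed"
        out[h.get("processor", "?")] = status
    return out

if __name__ == "__main__":
    with open("/proc/cpuinfo") as f:
        print(assess(f.read()))
```

An ISA line without a vector entry only shows what the kernel advertises to user space; treat it as an inventory signal, not as proof that the extension is disabled in hardware.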



