Stratos Ally

‘GhostWrite’ – A CPU Vulnerability That Allows Data Theft

StratosAlly

A major security flaw in RISC-V processors has come to light with the discovery of a new hardware vulnerability called “GhostWrite.” Researchers from the CISPA Helmholtz Center for Information Security presented this flaw, along with other architectural vulnerabilities, at the Black Hat USA 2024 conference.

Researchers Fabian Thomas and Michael Schwarz discovered vulnerabilities in three CPUs made by Alibaba’s subsidiary T-Head: the XuanTie C906, C908, and C910. GhostWrite, the most severe of these, affects the C910 chip. It allows unauthorized access to, and modification of, data in physical memory, as well as interaction with storage devices and peripherals. Hackers can use the flaws in the C906 and C908 to crash systems and launch denial-of-service attacks.

GhostWrite exploits flaws in the processor’s memory management. This enables hackers to bypass security measures and access a device’s physical memory without restriction. Unlike previous attacks that required physical access to the chip, GhostWrite can be executed remotely by manipulating the virtual memory table. 

The open-source nature of RISC-V, while fostering innovation, has contributed to these security challenges. The lack of standardization in custom extensions across different manufacturers further complicates the issue. 

To detect these vulnerabilities, the researchers developed a new fuzzing technique called RISCVuzz, which checks RISC-V CPUs for anomalies. It proved effective at uncovering the major problems in T-Head’s processors.

Some mitigation strategies, such as disabling the vector extension for the GhostWrite and C908 vulnerabilities, have been proposed, but these solutions render the core CPUs unusable. T-Head and cloud service provider Scaleway learned about these issues in April 2024, yet they have not put out any updates to solve these problems.

These security flaws show that safety must be enhanced in the fast-changing RISC-V world. Industry collaboration will be crucial in establishing robust security standards, and testing methodologies must be devised to prevent similar incidents in the future.
