At the Black Hat USA 2024 conference, researchers from the CISPA Helmholtz Center for Information Security unveiled a critical vulnerability in RISC-V CPUs. The hardware flaw, named “GhostWrite,” allows attackers to extract sensitive data from the CPU’s memory, posing a significant threat to security. The vulnerability affects the XuanTie C906, C908, and C910 CPUs made by Alibaba subsidiary T-Head. The impact is greatest on the C910, where it allows unprivileged users to modify data in physical memory and to interact with hard drives and other peripheral devices.
GhostWrite takes advantage of a weakness in the processor’s memory management system, giving attackers unrestricted access to a device’s physical memory while bypassing security measures. Unlike previous attacks that required physical access to the chip, GhostWrite uses a malicious process to manipulate the virtual memory table, granting unauthorized access to specific physical memory addresses. This enables attackers to steal sensitive data such as private keys and login credentials.
The potential performance impact of fixing the vulnerability is a cause for concern, as disabling the specific extensions needed to block GhostWrite attacks could result in a 50% performance reduction, significantly limiting the chip’s capabilities. The root of the problem lies in the open-source nature of RISC-V, which allows for customization and innovation but also introduces challenges in maintaining consistent security standards. The lack of a central registry for custom extensions further complicates the issue, as different manufacturers may implement the same instruction with varying results.
Researchers developed a novel fuzzing technique called RISCVuzz to identify such vulnerabilities systematically across multiple RISC-V CPUs. While GhostWrite and the C908 vulnerabilities can be mitigated by disabling the vector extension, doing so renders the affected cores largely unusable, and no viable mitigation has been found for the C906. The flaws were disclosed to T-Head and Scaleway in April 2024, but no updates have been released to address these issues.
Despite the alarming discovery of these vulnerabilities, it is crucial to recognize that the RISC-V ecosystem is still relatively young. Collaborative efforts within the industry are essential to establish robust security standards and testing methodologies to prevent similar incidents in the future. As technology advances, the importance of cybersecurity measures cannot be overstated in safeguarding sensitive data and protecting against potential threats.
