August 7, 2024 at 03:06PM
A team from the CISPA Helmholtz Center for Information Security in Germany has revealed a new vulnerability in the XuanTie C910 CPU based on RISC-V architecture. Named GhostWrite, the flaw could allow attackers to gain unrestricted access to targeted devices. Although no specific tools or methods to detect attacks currently exist, researchers have released an open source framework called RISCVuzz for discovering vulnerabilities.
The meeting notes highlight the discovery of a new vulnerability called GhostWrite affecting the XuanTie C910 CPU based on the RISC-V architecture. This flaw allows attackers to read and write from physical memory, potentially granting them full access to the targeted device. The vulnerability impacts various systems, including PCs, laptops, cloud servers, and specific devices like Sipeed Lichee Pi 4A and BeagleV-Ahead single-board computers. Mitigations are being provided by Scaleway, but fixing the hardware bug will require disabling the vector extension, impacting performance. A CVE identifier has not yet been assigned, and there are no specific tools for detecting attacks related to this vulnerability. The researchers also released an open-source framework, RISCVuzz, for discovering RISC-V CPU vulnerabilities.