Quite a spectacular security bug

Subject: Quite a spectacular security bug
From: jgd (at) *nospam* cix.co.uk (John Dallman)
Newsgroups: comp.arch
Date: 13. Aug 2024, 17:39:08
Organization: A noiseless patient Spider
Message-ID: <memo.20240813173946.20940Y@jgd.cix.co.uk>

I occasionally scan the recent RISC-V news. A year ago, I was expecting
it to be in mass-market Android devices by the end of 2024, but that
isn't going to happen, for assorted good reasons.

I am quite impressed by the security bugs in Alibaba's T-Head processors,
although not in a good way.

On the C910 core, there's a flaw with use of the MMU that allows any
unprivileged process running native code to write anywhere in physical
memory, and to execute arbitrary code with kernel or machine privileges.
Fortunately, this is not a RISC-V architecture bug, but a problem in
Alibaba's nonstandard vector extensions. There appears to be no fix,
except to disable those extensions. This may be a little hard on Scaleway,
a French cloud provider who launched RISC-V service with great fanfare a
few months ago.

<https://ghostwriteattack.com/>
<https://www.theregister.com/2024/08/07/riscv_business_thead_c910_vulnerable/>

There's also a CPU freeze vulnerability in the C910, triggered by reading
from virtual address 0, which seems like something you might well be able
to do without native code.

The C908 and C906 cores have halt-and-catch-fire vulnerabilities.

I've just put Alibaba RISC-V on my "no way, not for a decade" list.

John
