From: jgd@cix.co.uk (John Dallman)
Newsgroups: comp.arch
Subject: Quite a spectacular security bug
Date: Tue, 13 Aug 2024 17:39 +0100 (BST)
Organization: A noiseless patient Spider
Message-ID: <memo.20240813173946.20940Y@jgd.cix.co.uk>
Reply-To: jgd@cix.co.uk

I occasionally scan the recent RISC-V news. A year ago, I was expecting it to be in mass-market Android devices by the end of 2024, but that isn't going to happen, for assorted good reasons.

I am quite impressed by the security bugs in Alibaba's T-Head processors, although not in a good way. On the C910 core, there's a flaw with use of the MMU that allows any unprivileged process running native code to write anywhere in physical memory, and to execute arbitrary code with kernel or machine privileges.

Fortunately, this is not a RISC-V architecture bug, but a problem in Alibaba's nonstandard vector extensions. There appears to be no fix, except to disable those extensions. This may be a little hard on Scaleway, a French cloud provider who launched RISC-V service with great fanfare a few months ago.

<https://ghostwriteattack.com/>
<https://www.theregister.com/2024/08/07/riscv_business_thead_c910_vulnerable/>

There's also a CPU freeze vulnerability in the C910, triggered by reading from virtual address 0, which seems like something you might well be able to do without native code. The C908 and C906 cores have halt-and-catch-fire vulnerabilities.

I've just put Alibaba RISC-V on my "no way, not for a decade" list.

John