Let's get physical, physical ... I don't wanna hear your MMU talk
Computer security researchers at the CISPA Helmholtz Center for Information Security in Germany have found serious security flaws in some of Alibaba subsidiary T-Head Semiconductor's RISC-V processors., has been dubbed GhostWrite because it allows a rogue application or user to read and write physical memory, and execute arbitrary code with kernel and machine-mode privileges, allowing them to take over the device entirely.
And as the instructions are baked into the silicon, they cannot be fixed with a microcode or software update. To mitigate the issue, the vector extension must be disabled. Doing so means applications relying on those vector instructions will break, and if emulated in software to continue working, will suffer punishing performance hits.
To better assess chip behavior and characteristics, the researchers developed a fuzzing framework called RISCVuzz, which uses a variety of RISC-V implementations to perform differential fuzzing. The testing tool assumes that the architectural result of each instruction should be the same across different CPUs and flags instances where behavior is different.
"The attack is 100 percent reliable, deterministic, and takes only microseconds to execute," the GhostWrite website explains."Even security measures like Docker containerization or sandboxing cannot stop this attack. Additionally, the attacker can hijack hardware devices that use memory-mapped input/output , allowing them to send any commands to these devices."vsetvli zero, zero, e8, m1 vmv.v.x v0, a0 vse128.
"For the C906 CPU-halting bug, we find no mitigation since the responsible vendor extension cannot be disabled," the paper says. "The complexity of the x86 ISA requires a 'firmware' layer to support some of the very complex instructions," explained Schwarz."A side effect of that is that the behavior of such instructions can also be changed with a microcode update. Additionally, microcode updates allow introducing new features to work around vulnerabilities.
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Major tournament exit opens up tantalising Leeds United managerial head-to-headOne former Leeds United boss can still make the Copa America final this weekend after another crashed out in the semi-finals but the two could yet meet in an intriguing Elland Road alumni battle.
Read more »
Head-to-head comparison of commercial Alzheimer's blood tests reveals most accurate optionsNeurologists diagnose cognitive impairment with a clinical exam of memory and thinking skills.
Read more »
Donald Trump agrees to head-to-head debate with Kamala HarrisMs Harris has now secured enough votes from Democratic delegates to become her party's presidential nominee - although the online voting process doesn't end until Monday.
Read more »
Shed of the Year: Two West Country builders to go head-to-headA 'printing press' shed and a 'potting' shed are among those hoping for the winning title.
Read more »
What Jesse Marsch said about Marcelo Bielsa's 'over-trained' Leeds United as pair set for Copa America clashTwo of Leeds United’s recent former managers will go head-to-head this weekend.
Read more »
Cyber watchdogs warn on phishing scams as IT outage fallout lingersAirlines and healthcare services are among the hardest hit by the faulty CrowdStrike update
Read more »