tags:riscfuzzingcpu original link: Ghostwrite CPU Vulnerability newsletter link: exploits.club Weekly Newsletter 33 - CPU Vulns, Breaking Samsung Bootloaders, Tony Hawk Pro Skater, And More
Exploits Club Summary:
New research published this week details a vulnerability affecting certain RISC-V CPUs. Specifically, the vulnerability allows arbitrary read and write of any physical memory address. The bug stems from faulty instructions in the vector extension, which operate directly on physical memory. An unprivileged attacker can use these instructions to write to any memory address with 100% reliability. One of the more interesting parts of this vulnerability was the method of discovery used by the team, which they outline in the associated paper. The team runs the same instructions across multiple CPUs, all of which should provide the same results if they are implemented to spec. If they donâtâŠwell might be a good spot to investigate.