Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V

Fabian Thomas and Laurent Schmierer introduce "GhostWrite", a zero-day vulnerability they discovered in the T-Head C910 RISC-V processor. It allows data manipulation and leakage by bypassing software isolation and writing directly to physical memory. Key points discussed: GhostWrite lets unprivileged applications bypass the operating system and every other software-level security measure and interact directly with the hardware. It exploits a flaw in a RISC-V vector instruction that treats the address an unprivileged program supplies as a physical address rather than a virtual one, so the write lands in physical memory outside the process's own mappings. This enables arbitrary data manipulation, memory leakage, and privilege…

RISC-V simulation with Qemu

Installation of Qemu. The Qemu website has plenty of information on how to get it running, but for the specific purpose of this tutorial a few extra steps are needed. User-mode emulation requires a Linux host. I recommend installing from source as described on this  and configuring with --target-list=riscv32-linux-user,riscv64-linux-user,riscv32-softmmu,riscv64-softmmu (the -linux-user targets run RISC-V Linux binaries directly on the host with syscalls translated; the -softmmu targets emulate a full machine). I assume you have a RISC-V toolchain set up; if not,  is how. User-Mode: The simplest way of getting an environment for RV programming is…

Installing & Building RISC-V Toolchain

Prerequisites
Several standard packages are needed to build the toolchain:
$ sudo apt-get install autoconf automake autotools-dev curl python3 python3-pip libmpc-dev libmpfr-dev libgmp-dev gawk build-essential bison flex texinfo gperf libtool patchutils bc zlib1g-dev libexpat-dev ninja-build git cmake libglib2.0-dev libslirp-dev
Create a directory and clone the toolchain repository:
$ mkdir ~/riscv && cd ~/riscv
$ git clone https://github.com/riscv/riscv-gnu-toolchain
Configure and build. Run configure from inside the cloned directory; make installs into the prefix, so it needs write access to /opt/riscv (run make with sudo or chown the directory to your user):
$ sudo mkdir /opt/riscv
$ cd riscv-gnu-toolchain
$ ./configure --prefix=/opt/riscv
$ make linux
The tools (riscv64-unknown-linux-gnu-gcc and friends) will be available in /opt/riscv/bin.
Add /opt/riscv/bin to PATH by editing your ~/.bashrc (it is your own file, so no sudo is needed):
$ vim ~/.bashrc
Add the line below at the end of the file and…
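The two procedures above (building QEMU with the RISC-V targets, building the GNU toolchain, and putting it on PATH) fit together into one script. The following is an added example, not code from either tutorial. It assumes the install prefix /opt/riscv and source checkouts under ~/riscv as in the text, the QEMU git URL https://gitlab.com/qemu-project/qemu.git (not given on the page), and the riscv64-unknown-linux-gnu triple that `make linux` produces. The smoke test cross-compiles a static program and runs it under qemu-riscv64 user mode, which is the quickest check that both builds actually work together.

```shell
#!/bin/sh
# Added example (not from the original tutorials): helper script tying together the
# QEMU and toolchain procedures above. Assumptions not stated on the page: install
# prefix /opt/riscv, sources under ~/riscv, QEMU fetched from
# https://gitlab.com/qemu-project/qemu.git, and the glibc toolchain triple
# riscv64-unknown-linux-gnu that `make linux` produces.
set -eu

RISCV_PREFIX="${RISCV_PREFIX:-/opt/riscv}"
SRC_ROOT="${SRC_ROOT:-$HOME/riscv}"

# QEMU targets from the tutorial: *-linux-user runs RISC-V Linux ELF binaries directly
# on the host (syscalls translated), *-softmmu emulates a whole machine.
qemu_target_list() {
    printf '%s' 'riscv32-linux-user,riscv64-linux-user,riscv32-softmmu,riscv64-softmmu'
}

# Prepend a directory to a PATH-like string exactly once, so re-sourcing ~/.bashrc
# does not grow PATH on every login. Prints the new value.
prepend_path() {
    dir=$1
    path=${2:-$PATH}
    case ":$path:" in
        *":$dir:"*) printf '%s' "$path" ;;
        *)          printf '%s' "$dir:$path" ;;
    esac
}

# Build the GNU toolchain (Linux/glibc flavour) into $RISCV_PREFIX.
build_toolchain() {
    mkdir -p "$SRC_ROOT" && cd "$SRC_ROOT"
    [ -d riscv-gnu-toolchain ] || git clone https://github.com/riscv/riscv-gnu-toolchain
    cd riscv-gnu-toolchain
    ./configure --prefix="$RISCV_PREFIX"
    make linux
}

# Build QEMU with only the RISC-V targets we need (user mode requires a Linux host).
build_qemu() {
    mkdir -p "$SRC_ROOT" && cd "$SRC_ROOT"
    [ -d qemu ] || git clone https://gitlab.com/qemu-project/qemu.git   # URL: assumption
    mkdir -p qemu/build && cd qemu/build
    ../configure --target-list="$(qemu_target_list)" --prefix="$RISCV_PREFIX"
    make -j"$(nproc)" && make install
}

# Smoke test: cross-compile a static program and run it under qemu-riscv64 user mode.
# Static linking avoids pointing QEMU at the RISC-V sysroot with -L.
# Returns 0 if the guest program ran and printed the expected text,
# 2 if the cross toolchain or QEMU is not installed, 1 on any other failure.
smoke_test() {
    cc=riscv64-unknown-linux-gnu-gcc
    command -v "$cc" >/dev/null 2>&1 || return 2
    command -v qemu-riscv64 >/dev/null 2>&1 || return 2
    tmp=$(mktemp -d)
    cat >"$tmp/hello.c" <<'EOF'
#include <stdio.h>
int main(void) { puts("hello from rv64"); return 0; }
EOF
    "$cc" -static -O2 -o "$tmp/hello" "$tmp/hello.c" || { rm -rf "$tmp"; return 1; }
    out=$(qemu-riscv64 "$tmp/hello") || { rm -rf "$tmp"; return 1; }
    rm -rf "$tmp"
    [ "$out" = "hello from rv64" ]
}

case "${1:-}" in
    toolchain) build_toolchain ;;
    qemu)      build_qemu ;;
    test)      smoke_test ;;
    path)      prepend_path "$RISCV_PREFIX/bin" ;;
    *)         : ;;   # no argument: only define the functions (e.g. when sourced)
esac
```

Run `sh riscv-env.sh toolchain`, then `sh riscv-env.sh qemu`, then `sh riscv-env.sh test`; exit status 2 from the test means one of the two builds is not on PATH yet. `eval "PATH=$(sh riscv-env.sh path)"` is the idempotent form of the ~/.bashrc line the tutorial asks you to add.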