Security Warning: RISC-V CPUs from T-HEAD May Have Vulnerabilities on Several Extensions #1727
Comments
|
We use these extensions in a good way, not an evil way. I don't see any issues in box64 side by just using thead extensions. |
I am not familiar with how we use these extensions in box64, so report this as a "warning". If we are currently using them in good way, I would still suggest that code changes in the future related with these extensions should be carefully checked. |
|
If you read the paper, you'll see that it uses some reserved vector instruction that accidentally implemented by thead CPUs to access physical memory directly. We would never use reserved encoding, and we do not support xtheadvector. |
I wish you would 😔 there's a lot of performance left on the table with my SG2042 not having the thead custom extensions supported. |
We will. But after the v1p0 support. I think the code can be largely shared with v0p7. |
See https://ghostwriteattack.com/ for more details.
As reported in the paper, this vulnerability allows unprivileged attackers, even those with limited access, to read and write any part of the computer’s memory and to control peripheral devices like network cards.
Box64 is using these extensions, so it might generate harmful target code in cases.
The text was updated successfully, but these errors were encountered: