Thursday, December 12, 2024

GhostWrite Vulnerability Let Hackers Read And Write Any Part Of The Computer’s Memory


RISC-V, an open and extensible instruction set architecture (ISA), has entered the CPU market and opened many opportunities for new entrants.

It has gained a lot of traction through Linux kernel support as well as being adopted by consumer devices and cloud platforms.

However, RISC-V’s flexible nature has led to various kinds of hardware implementations with different features and security practices.


A group of cybersecurity researchers at CISPA Helmholtz Center for Information Security recently identified three major security vulnerabilities in five commercial RISC-V CPUs, including GhostWrite, which lets an attacker write arbitrary data from an unprivileged state to any physical memory location.

The CPUs were examined without access to source code or emulators: the researchers selected models from various vendors and compared their architectural behaviour using differential CPU fuzzing.

Technical Analysis

GhostWrite makes it possible to read physical memory and execute arbitrary machine-mode code, even when operating within cloud environments.

RISCVuzz also found two privileged instruction sequences that can cause unrecoverable CPU halts, exposing further major security concerns in the implementation of RISC-V systems.

The GhostWrite bug, found in the T-Head XuanTie C910 RISC-V CPU, is a hardware design flaw that poses a major security risk.


Even attackers with minimal system privilege can read and write any memory and tamper with peripherals like network cards.

GhostWrite defeats all of the CPU's built-in security controls, giving attackers complete control over the entire system.

Worse, the only available mitigation is to disable about 50% of the CPU's functionality, which makes it an impractical measure.

The faulty instructions belong to the RISC-V vector extension, an addition to the ISA for processing large data values. They operate directly on physical memory, ignoring the virtual-memory protections and process isolation enforced by the OS and hardware.

Unlike side-channel or transient-execution attacks, GhostWrite is a direct CPU bug caused by faulty vector-extension instructions.

GhostWrite is a flaw embedded in hardware that cannot be fixed using software updates.

This allows unprivileged attackers to write to any memory location, bypassing security features completely and gaining uncontrolled access to devices.

Furthermore, it enables hackers to hijack hardware devices through memory-mapped I/O (MMIO), enabling them to execute arbitrary commands on those devices.

The following devices are vulnerable:

  • Scaleway Elastic Metal RV1, bare-metal C910 cloud instances
  • Lichee Cluster 4A, compute cluster
  • Lichee Book 4A, laptop
  • Lichee Console 4A, tiny laptop
  • Lichee Pocket 4A, gaming console
  • Sipeed Lichee Pi 4A, single-board computer (SBC)
  • Milk-V Meles, SBC
  • BeagleV-Ahead, SBC

Differential fuzz testing of RISC-V CPUs revealed GhostWrite by comparing the results of small programs on different processors.

Differential CPU Fuzz Testing (Source – GhostWriteAttack)

The T-Head XuanTie C910 behaved differently: instead of raising an illegal-instruction exception as the other CPUs did, it executed the invalidly encoded vector store instruction.

This implies that there is a serious direct physical memory write error that can bypass the virtual memory protection systems.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
