Northwestern Polytechnical University Discovers Medium-Risk Vulnerability in RISC-V Processor

TapTechNews May 25th news, the official announcement of Northwestern Polytechnical University stated that the team led by Professor Hu Wei from the School of Cyberspace Security of the university has discovered a medium-risk vulnerability in the RISC-VSonicBOOM processor design and was named by the National Computer Network and Emergency Response Technical Handling Coordination Center (CNCERT).

It is introduced that this is the first independently discovered medium-risk vulnerability in the RISC-V processor design that can be remotely exploited in China, and it is also an important progress in the first national key R & D plan project in the field of processor hardware security - the key technology research of comprehensive safety assessment of nano-level chip hardware.

Northwestern Polytechnical University said that most of the current熔断-class and specter-class processor security vulnerabilities use Cache side-channel attacks to leak information in the information recovery stage after triggering transient execution. The discovered port contention vulnerability can replace the Cache side-channel attack as a new type of side-channel attack. The port contention vulnerability can combine with different transient execution mechanisms to form new processor security vulnerabilities. Attackers can use the vulnerability to bypass the security protection mechanisms designed by modern processors and operating systems, and can remotely steal protected sensitive information without administrator rights, resulting in the leakage of key data and personal privacy. The register port contention vulnerability discovered in the RISC-VSonicBOOM processor exceeds the similar vulnerabilities already included in the domestic vulnerability database in terms of the degree of vulnerability harm, score value, and exploitability.

TapTechNews found through inquiry that by the end of 2022, there are approximately 50 different models of domestic RISC-V chips put into mass production in China, and are widely used in embedded scenarios such as industrial control, power management, wireless connection, storage control, and the Internet of Things, and are rapidly expanding to fields such as autonomous driving, artificial intelligence, communication, and data.