Alibaba's Pingtouge Semiconductor's RISC-V Cores Found to Have GhostWrite Vulnerability

TapTechNews, August 9th: A research team from the Helmholtz Center for Information Security in Germany has found an architectural vulnerability, named GhostWrite, in two RISC-V cores launched by Alibaba's Pingtouge Semiconductor: the XuanTie C910 and the XuanTie C920.

The XuanTie C910 is used in the Pingtouge Yeying TH1520 SoC; the XuanTie C920 is used in the 64-core Sican SG2042 processor.

The research team said that the GhostWrite vulnerability allows unprivileged attackers to read and write any part of the computer's memory and to control peripheral devices such as network cards.

The root cause of the GhostWrite vulnerability is that the vector extension of the XuanTie C910/C920 cores contains faulty instructions. These instructions operate directly on physical memory instead of virtual memory, bypassing the process isolation normally enforced at the operating system or hardware level.

Unprivileged attackers gain unrestricted access to the device; even security measures such as Docker containerization or sandboxing cannot prevent an attack that exploits the GhostWrite vulnerability.

The GhostWrite vulnerability is embedded in the hardware and cannot be fixed by software updates. The only way to mitigate it is to disable the entire vector functionality of the XuanTie C910/C920, which seriously affects the performance and functionality of the CPU: the overhead in the rvv-bench benchmark is up to 33%.

Pingtouge Semiconductor has acknowledged this vulnerability found by the Helmholtz Center for Information Security.

Devices vulnerable to the GhostWrite vulnerability, as compiled by TapTechNews, include:

Scaleway Elastic Metal RV1 cloud instance

Milk-V Pioneer motherboard

Lichee Cluster 4A cluster computing platform

Lichee Book 4A notebook

Lichee Console 4A portable terminal

Lichee Pocket 4A handheld game console

Lichee Pi 4A development board
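To check whether a Linux host runs on one of the affected cores and whether its kernel still advertises the vector extension that the mitigation disables, the following added example (not code from the article or from the research team) audits `/proc/cpuinfo`-style text. It assumes the kernel reports the cores in the `uarch` field as `thead,c910` and `thead,c920` and lists the vector extension as the single letter `v` in the `isa` line; the sample input is constructed.

```python
import re

# Core names come from the article; the exact `uarch` strings are an assumption.
AFFECTED_UARCH = {"thead,c910", "thead,c920"}

def parse_harts(text):
    """Split /proc/cpuinfo-style text into one dict of fields per hart."""
    harts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip().lower()] = value.strip().lower()
        if fields:
            harts.append(fields)
    return harts

def advertises_vector(isa):
    """True if the ISA string lists the single-letter V extension."""
    base = isa.split("_", 1)[0]  # drop multi-letter extensions (_zicsr, ...)
    return "v" in re.sub(r"^rv(32|64|128)", "", base)

def audit(text):
    """Return (hart id, status) for each hart in the cpuinfo text."""
    results = []
    for hart in parse_harts(text):
        if hart.get("uarch") not in AFFECTED_UARCH:
            status = "not-listed"
        elif advertises_vector(hart.get("isa", "")):
            status = "affected-vector-advertised"
        else:
            # The isa line is what the kernel reports: an indication, not proof.
            status = "affected-vector-not-advertised"
        results.append((hart.get("hart", "?"), status))
    return results

# Constructed sample input, not captured from a real device.
SAMPLE = ("hart : 0\nisa : rv64imafdcv\nuarch : thead,c910\n\n"
          "hart : 1\nisa : rv64imafdc_zicsr_zifencei\nuarch : thead,c920\n\n"
          "hart : 2\nisa : rv64imafdc\nuarch : sifive,u74-mc\n")

if __name__ == "__main__":
    for hart_id, status in audit(SAMPLE):
        print(f"hart {hart_id}: {status}")
```

On a live system, pass the contents of `/proc/cpuinfo` to `audit()` instead of `SAMPLE`.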