*** This bug is a security vulnerability *** Public security bug reported:
https://ghostwriteattack.com/riscvuzz.pdf describes that some T-Head processors allow unprivileged users to access any physical address due to incorrectly implemented vector instructions. We have published 22.04 and 24.04 images for the Nezha D1 and LicheeRV Dock boards. These use the T-Head C906 core mentioned in the publication. The VS field of the mstatus CRC can be used to disable vector instructions as described in chapter 3.1.6., "Machine Status Registers (mstatus and mstatush)" of the Privileged Architecture Specification version 2024-04-11. On T-Head C906, C908, C910 cores OpenSBI should set the VS field to 0 (Off) and adjust the published ISA extensions in the device-tree and possibly in the misa register. We need to check that with this change vector instructions result in a trap. ** Affects: opensbi (Ubuntu) Importance: High Status: New ** Tags: foundations-todo ** Tags added: foundations-todo -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2076397 Title: Ghostwrite mitigation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensbi/+bug/2076397/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
