New T-Head CPU Vulnerabilities Leave Devices Vulnerable to Unrestricted Attacks

Researchers Uncover Architectural Bug in Chinese CPU Chips – Vulnerability Allows Unrestricted Access

Researchers from the CISPA Helmholtz Center for Information Security in Germany have identified a critical architectural flaw in T-Head’s XuanTie C910 and C920 RISC-V CPUs. This bug, dubbed GhostWrite, allows attackers to bypass security measures and gain unrestricted access to vulnerable devices.

Unlike typical side-channel attacks, GhostWrite is a direct CPU bug embedded in the hardware itself. It targets faulty instructions in the vector extension of the RISC-V ISA, enabling attackers to manipulate memory directly and circumvent process isolation enforced by the operating system.

The severity of this vulnerability is alarming, as it enables attackers to read from and write to any memory location, potentially exposing sensitive information such as passwords. Even security measures like Docker containerization or sandboxing are ineffective against this attack, which can be executed in microseconds and grants attackers full control over the device.

The only viable workaround for GhostWrite is to disable the vector extension, but this comes at a cost – a significant decrease in CPU performance and functionality. Applications relying on parallel processing and handling large datasets will suffer as a result.

This revelation comes on the heels of other critical security flaws in hardware components, such as vulnerabilities in Qualcomm’s Adreno GPU and AMD processors. As cyber threats continue to evolve, it is crucial for hardware manufacturers to prioritize security in their designs to protect users from potential attacks.
