Alibaba's T-Head C910 RISC-V Chips: Serious Security Vulnerabilities Uncovered
Researchers at the CISPA Helmholtz Center for Information Security have identified severe security flaws in Alibaba's T-Head C910 RISC-V processors. These vulnerabilities, especially impacting the T-Head C910 CPU cores within the TH1520 SoC, pose significant risks.
GhostWrite Vulnerability: A Critical Threat
The most alarming issue is a flaw dubbed GhostWrite, which enables rogue applications or users to read and write physical memory and execute arbitrary code with kernel-level privileges. In simpler terms, an attacker can potentially take full control of the affected device.
The Root Cause: Vector Extension Design
The vulnerability stems from the vector extension in the C910's design. Normally the Memory Management Unit (MMU) translates virtual addresses and enforces page permissions, so a process cannot touch physical memory it has not been granted. On the C910, however, the vector extension instructions operate on physical memory directly, bypassing these protections.
Why This Can't Be Easily Fixed
Since the instructions causing the issue are hardwired into the chip's silicon, they can't be patched through microcode or software updates. The only viable mitigation is to disable the vector extension, which significantly reduces the performance of applications that rely on it.
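One practical follow-up to that mitigation is to check, across a fleet, whether any C910 hart still exposes the vector extension to user space. The added example below is not from the article or the researchers; it parses the Linux /proc/cpuinfo format for RISC-V and assumes the kernel reports the core as uarch "thead,c910" (the constructed sample input is embedded in the block).

```python
import re
from typing import Dict, List

# Constructed sample in the layout Linux prints for RISC-V harts in /proc/cpuinfo.
# The uarch value "thead,c910" is an assumed devicetree compatible string, not
# something the article states. Hart 0 still advertises 'v'; hart 1 does not.
SAMPLE_CPUINFO = """\
processor\t: 0
hart\t: 0
isa\t: rv64imafdcv_zicsr_zifencei
mmu\t: sv39
uarch\t: thead,c910

processor\t: 1
hart\t: 1
isa\t: rv64imafdc_zicsr_zifencei
mmu\t: sv39
uarch\t: thead,c910
"""

AFFECTED_UARCHS = ("thead,c910",)  # the core the article names for GhostWrite


def parse_isa_extensions(isa: str) -> List[str]:
    """Split a RISC-V ISA string: base (rv32/rv64), single-letter extensions,
    then underscore-separated multi-letter extensions such as 'zicsr'."""
    m = re.fullmatch(r"rv(32|64|128)([a-z]*)(?:_([a-z0-9_]+))?", isa.strip().lower())
    if not m:
        raise ValueError(f"not a RISC-V ISA string: {isa!r}")
    exts = list(m.group(2))
    if m.group(3):
        exts += [e for e in m.group(3).split("_") if e]
    return exts


def has_vector_extension(isa: str) -> bool:
    """True if the full 'v' extension or any embedded 'zve*' subset is advertised."""
    exts = parse_isa_extensions(isa)
    return "v" in exts or any(e.startswith("zve") for e in exts)


def parse_cpuinfo(text: str) -> List[Dict[str, str]]:
    """One dict of fields per hart; harts are separated by a blank line."""
    harts = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        harts.append(fields)
    return harts


def vector_exposed_on_affected_core(text: str) -> List[int]:
    """Hart numbers that are an affected core AND still expose vector to user space.
    This reflects what the running kernel advertises, so it is a configuration
    check for the mitigation, not proof of what the silicon can execute."""
    return [int(h.get("hart", h.get("processor", "-1")))
            for h in parse_cpuinfo(text)
            if h.get("uarch", "") in AFFECTED_UARCHS and has_vector_extension(h.get("isa", ""))]
```

On a real host, pass the contents of /proc/cpuinfo to vector_exposed_on_affected_core and treat any returned hart as not yet mitigated.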
Direct Memory Manipulation
This flaw allows unprivileged users, those without special permissions, to directly manipulate physical memory. This compromises the isolation that usually exists between the operating system and individual applications. Even isolation layers such as Docker containers cannot prevent this attack, because the flaw bypasses the hardware protections they rely on.
How Easy Is It to Exploit?
Exploiting this vulnerability is alarmingly straightforward. An attacker can use a simple sequence of instructions to write to any memory address, making it a severe security concern.
Other Affected Processors
In addition to the C910, vulnerabilities were also found in the T-Head XuanTie C906 and C908 CPUs. These issues could cause the CPU to crash upon exploitation. Alibaba has acknowledged and reproduced the bugs in the C910 and C906 but has yet to respond to the report on the C908.
The Challenge of Fixing Hardware Flaws
The GhostWrite vulnerability underscores a significant challenge in hardware security. Modern RISC-V processors do not use reprogrammable microcode, which limits the ability to patch vulnerabilities after the chip is manufactured. The researchers suggest that a microcode layer should be introduced to RISC-V CPUs to mitigate future vulnerabilities.
In summary, the discovery of these vulnerabilities in Alibaba's T-Head RISC-V chips highlights the importance of rigorous security testing in hardware design. While software can often be updated to fix bugs, hardware flaws require more complex solutions, impacting performance and overall device security.