What happens when you have a bug in your CPU? Today we are looking at GhostWrite, a RISC-V vulnerability affecting multiple CPU vendors, particularly related to the vector instructions.
Using some PoC code, we'll crash the system, modify a process, and even read arbitrary memory! You can even try this yourself with my provided code + the right board.
We'll also take a look at how the CISPA researchers discovered this vulnerability via Differential Fuzzing, a fairly new technique in the CPU space.
---
PoC Code Repo:
https://github.com/LaurieWired/GhostWriteExploit
---
Follow LaurieWired on Social Media:
►https://linktr.ee/lauriewired
---
Timestamps:
00:00 Intro
00:50 Classes of Vulnerability
01:52 Differential Fuzzing
03:39 Trigger System Crash
04:55 Docker Isolation (Fail!)
05:44 Manipulating Processes
06:51 Reading Arbitrary Memory
07:58 Mitigation + Conclusion
---
Resources on GhostWrite:
Original Paper:
https://ghostwriteattack.com/riscvuzz.pdf
RISC-V Vector Overview:
https://www.youtube.com/watch?v=Ozj_xU0rSyY
Memory Paging Overview:
https://www.youtube.com/watch?v=vc79sJ9VOqk