The GhostWrite vulnerability impacts T-Head XuanTie C910 and C920 RISC-V CPUs, allowing unprivileged attackers to manipulate memory and peripheral devices. This critical hardware bug cannot be fixed without disabling significant CPU functionality. RISC-V, an open ISA, offers an alternative to expensive x86 and ARM licensing, leading to a diverse ecosystem. Despite the potential impact on various devices, only T-Head CPUs are affected. Automatic bug discovery using differential CPU fuzz testing revealed GhostWrite’s unique way of bypassing process isolation. Mitigating the vulnerability involves disabling the vector extension, but this comes at the cost of reduced CPU performance. Established by extensive testing, GhostWrite is a deterministic direct CPU bug, making it a significant security concern.
https://ghostwriteattack.com