
GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks


Aug 13, 2024 | Ravie Lakshmanan | Vulnerability / Hardware Security


A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head’s XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices.

The vulnerability has been codenamed GhostWrite. It has been described as a direct CPU bug embedded in the hardware, as opposed to a side-channel or transient execution attack.

“This vulnerability allows unprivileged attackers, even those with limited access, to read and write any part of the computer’s memory and to control peripheral devices like network cards,” the researchers said. “GhostWrite renders the CPU’s security features ineffective and cannot be fixed without disabling around half of the CPU’s functionality.”

CISPA found that the CPU has faulty instructions in its vector extension, an add-on to the RISC-V ISA designed to handle larger data values than the base Instruction Set Architecture (ISA).

These faulty instructions, which the researchers said operate directly on physical memory rather than virtual memory, could bypass the process isolation normally enforced by the operating system and hardware.


As a result, an unprivileged attacker could weaponize this loophole to write to any memory location and sidestep security and isolation features to obtain full, unrestricted access to the device. It could also be used to leak any memory content from a machine, including passwords.

“The attack is 100% reliable, deterministic, and takes only microseconds to execute,” the researchers said. “Even security measures like Docker containerization or sandboxing cannot stop this attack. Additionally, the attacker can hijack hardware devices that use memory-mapped input/output (MMIO), allowing them to send any commands to these devices.”

The most effective countermeasure for GhostWrite is to disable the entire vector functionality, which, however, severely impacts the CPU’s performance and capabilities as it turns off roughly 50% of the instruction set.

“Luckily, the vulnerable instructions lie in the vector extension, which can be disabled by the operating system,” the researchers noted. “This fully mitigates GhostWrite, but also fully disables vector instructions on the CPU.”

“Disabling the vector extension significantly reduces the CPU’s performance, especially for tasks that benefit from parallel processing and handling large data sets. Applications relying heavily on these features may experience slower performance or reduced functionality.”

The disclosure comes as the Android Red Team at Google revealed more than nine flaws in Qualcomm’s Adreno GPU that could permit an attacker with local access to a device to achieve privilege escalation and code execution at the kernel level. The weaknesses have since been patched by the chipset maker.

It also follows the discovery of a new security flaw in AMD processors that could potentially be exploited by an attacker with kernel (aka Ring-0) access to elevate privileges and modify the configuration of System Management Mode (SMM or Ring -2) even when SMM Lock is enabled.


Dubbed Sinkclose by IOActive (aka CVE-2023-31315, CVSS score: 7.5), the vulnerability is said to have remained undetected for nearly two decades. Access to the highest privilege levels on a computer allows an attacker to disable security features and install persistent malware that can go virtually under the radar.

Speaking to WIRED, the company said the only way to remediate an infection would be to physically connect to the CPUs using a hardware-based tool known as an SPI Flash programmer and scan the memory for malware installed using Sinkclose.

“Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution,” AMD noted in an advisory, stating it intends to release updates to Original Equipment Manufacturers (OEM) to mitigate the issue.
