donbApr 19, 2017

A full technical explanation of, and sample code for, the RISC-V CPU-level privilege escalation flaw. This is exploitable in QEMU, and is vulnerable in the current stable implementation spec, though it is in the process of being solved by the RISC-V team:

http://blog.securitymouse.com/2017/04/the-risc-v-files-supervisor-machine.html

#HITB2017AMS

Show threadグレェ「grey」Apr 19, 2017
So that works on QEMU I guess from reading that? Do SiFive RISC-V silicon iterations even implement any of the proposed PMP protections yet? @donb
Show threaddonb
@byterhymer good question! nah, but tbf their current silicon only supports Machine mode, so there really isn't anything to protect. We'll see more silicon as the priv spec enhances, but for now, nothing available/nothing protectable.
Apr 19, 2017 at 7:21pmAmaroq
Show threadグレェ「grey」Apr 19, 2017

@donb Good to know! I would still have fun with such a device, but can't justify such expenses at the moment.

I hadn't seen your VBlog series before though, this was enjoyable!

https://www.youtube.com/watch?v=xhy3HhGs5h8