Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V
Unknown
Black Hat USA 2024 · Day 1 · Briefing
This talk, presented by Fabian Thomas and Lauren Satterish, PhD students from the CISPA Helmholtz Center for Information Security, unveils a critical hardware vulnerability dubbed **GhostWrite** that affects RISC-V processors. The researchers make the audacious claim of achieving arbitrary data manipulation and leakage by exploiting CPU zero-day bugs, effectively bypassing all layers of software-based isolation. This presentation challenges the prevailing assumption that modern software sandboxing techniques, including operating system privilege levels and containerization, can sufficiently protect against sophisticated attacks originating from compromised user-space applications.