4 matches found
PT-2025-32455 · Sonicboom · Sonicboom
Name of the Vulnerable Software and Affected Versions: riscv-boom SonicBOOM versions through 2.2.3
Description: A timing discrepancy exists in the L1 Data Cache Handler component of the software. This issue is considered problematic and requires local access for exploitation, which is described a...
CVE-2025-52484
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction, including remu and divu, in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 is vulnerable to an attack by a malicious prover. The...
zkVM Underconstrained Vulnerability
Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction, including remu and divu, in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 is vulnerable to an attack by a malicious prover. The main idea for the attack is to confuse the RISC-V virtual machine into treating the value of th...
CVE-2022-50225 riscv:uprobe fix SR_SPIE set/clear handling
In the Linux kernel, the following vulnerability has been resolved: riscv:uprobe fix SR_SPIE set/clear handling. In riscv the process of uprobe going to clear spie before exec the origin insn, and set spie after that. But when access the page which origin insn has been placed a page fault may happen...