rocketchip_2.12 is vulnerable to information disclosure. The vulnerability exists due to the insecure cryptographic algorithm used in RocketCore.scala
, allowing an attacker to gain sensitive information through the malicious Zk
extensions.
github.com/advisories/GHSA-hg7j-9h3g-36x3
github.com/chipsalliance/rocket-chip/commit/4f8114374d8824dfdec03f576a8cd68bebce4e56
github.com/chipsalliance/rocket-chip/pull/2906
github.com/chipsalliance/rocket-chip/pull/2950
github.com/chipsalliance/rocket-chip/pull/2950#issuecomment-1106745660
github.com/chipsalliance/rocket-chip/pull/2950#issuecomment-1107055607
github.com/chipsalliance/rocket-chip/pull/2950/commits/4f8114374d8824dfdec03f576a8cd68bebce4e56