CVE-2025-50897
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-10-17
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| boom-core | boomv | 1.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, specifically in its virtual memory system operating under SV39 mode. When valid virtual-to-physical address translations with write permissions (PTE_W) are configured, the processor incorrectly triggers Store/AMO access faults during store instructions (sd), despite proper page table entries and valid memory access modes. This flaw occurs during transitions into virtual memory and store operations in mapped kernel memory, indicating a problem in the memory management unit (MMU), physical memory protection (PMP), or memory access enforcement logic. As a result, it can cause unexpected kernel panics or denial of service in affected systems. [1]
How can this vulnerability impact me?
This vulnerability can lead to system instability by causing unexpected exceptions during store operations in kernel memory. Specifically, it may cause kernel panics or denial of service in systems using the BOOMv1.2 processor implementation. This impacts systems performing privileged operations involving virtual memory management and kernel-mode store instructions, potentially resulting in critical system failures. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reproducing the fault conditions described in the proof-of-concept repository. Specifically, clone the GitHub repository 'LuLuji04/POC-Boomv1.2', run the provided fuzzing script 'start_fuzzing_boom.sh', and analyze the test programs located in '$PWD/Fuzzer/batchboom/mismatch', with logs written to '$PWD/mylog'. The fault manifests as Store/AMO access fault exceptions (mcause=7) during store instructions (sd) in SV39 mode with valid page table entries. Using this fuzzing approach can help detect the vulnerability on your system. [1]
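
When reviewing a trap from such a run, the first question is whether the page table entry itself explains the fault. The following triage helper is an added example, not code from the PoC repository or the BOOM project. It assumes a 4 KiB SV39 leaf PTE and an S-mode store; the function names and the sample PTE value are constructed for illustration, while the bit layout and cause codes follow the RISC-V privileged specification.

```c
#include <stdint.h>
#include <stdio.h>
/* SV39 PTE flag bits and store-fault causes (RISC-V privileged spec). */
#define PTE_V (1ULL << 0)
#define PTE_R (1ULL << 1)
#define PTE_W (1ULL << 2)
#define PTE_U (1ULL << 4)
#define PTE_A (1ULL << 6)
#define PTE_D (1ULL << 7)
#define CAUSE_STORE_ACCESS_FAULT 7   /* Store/AMO access fault */
#define CAUSE_STORE_PAGE_FAULT   15  /* Store/AMO page fault */

enum verdict {
    NOT_STORE_FAULT,        /* mcause is neither 7 nor 15 */
    PTE_DENIES_STORE,       /* the translation itself forbids the store */
    UNEXPECTED_PAGE_FAULT,  /* mcause 15 although the PTE permits the store */
    CHECK_PMP_THEN_SUSPECT  /* mcause 7 although the PTE permits the store */
};

/* Does this leaf PTE permit an S-mode store? sum is sstatus.SUM. */
int pte_permits_s_store(uint64_t pte, int sum)
{
    if (!(pte & PTE_V)) return 0;
    if (!(pte & PTE_W) || !(pte & PTE_R)) return 0;  /* needs W; W without R is reserved */
    if ((pte & PTE_U) && !sum) return 0;             /* user page with SUM clear */
    if (!(pte & PTE_A) || !(pte & PTE_D)) return 0;  /* may fault without HW A/D update */
    return 1;
}

/* Physical address of a 4 KiB leaf mapping: PPN is PTE bits 53:10. */
uint64_t leaf_pa(uint64_t pte, uint64_t va)
{
    return (((pte >> 10) & ((1ULL << 44) - 1)) << 12) | (va & 0xfffULL);
}

enum verdict triage_store_fault(uint64_t mcause, uint64_t pte, int sum)
{
    if (mcause != CAUSE_STORE_ACCESS_FAULT && mcause != CAUSE_STORE_PAGE_FAULT)
        return NOT_STORE_FAULT;
    if (!pte_permits_s_store(pte, sum)) return PTE_DENIES_STORE;
    return mcause == CAUSE_STORE_PAGE_FAULT ? UNEXPECTED_PAGE_FAULT : CHECK_PMP_THEN_SUSPECT;
}

int main(void)
{
    uint64_t pte = (0x80200ULL << 10) | 0xC7;  /* constructed: PPN 0x80200, D|A|W|R|V */
    printf("verdict=%d\n", triage_store_fault(7, pte, 0));
    return 0;
}
```

A `CHECK_PMP_THEN_SUSPECT` result is not proof of the defect on its own: an access fault is legitimate when PMP or PMA rules deny the address returned by `leaf_pa`, so rule that out before treating the trap as the behaviour this CVE describes.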