[BUG] Writing to the cache line of current executing instructions will crash the processor #2566
Status: Open
Labels: notCV32A65X (it is not a CV32A65X issue); Type:Bug (for bugs in the RTL, Documentation, Verification environment or Tool and Build system)
Bug Description
Summary
A vulnerability in the CVA6 processor causes a crash if a cache line holding the currently executing instruction is modified. Specifically, if an adversary executes a store instruction targeting memory that shares a cache line with the executing instruction, the processor will fail.
Details
The issue arises from a write-back operation during cache coherency handling: writing back a dirty cache line that holds the currently executing instruction puts the processor into a state that leads to a crash.
PoC
If the asm volatile("sw t0, 0(%0)") store instruction modifies a memory address within the same cache line (e.g., between 0x80001000 and 0x800011FF) as the executing instruction, the processor will crash. However, if the store instruction is directed to the next cache line (e.g., 0x80001200), the code executes normally.
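The condition described in the PoC is a store whose target aliases the cache line of the instruction issuing it. From a verification or triage standpoint the useful tool is a monitor that flags exactly that condition in a commit trace before (or while) it is fed to the core. The C program below is an added example, not code from the reporter or the CVA6 project: the trace record layout is constructed, the 0x200-byte line size is an assumption inferred from the report's own ranges (0x80001000..0x800011FF as one line, 0x80001200 as the next) and should be replaced by the line size of the CVA6 configuration under test, and the sample trace is constructed to mirror the crash case and the passing case. It also handles a store that straddles a line boundary, which a check on the first byte alone would miss.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cache-line size in bytes. Assumption taken from the report's address ranges:
 * 0x80001000..0x800011FF is described as one line and 0x80001200 as the next,
 * which implies 0x200-byte lines. Substitute the line size of the CVA6
 * configuration under test when checking a real trace. */
#define ASSUMED_LINE_BYTES 0x200u

/* One retired store as it would appear in a constructed commit trace. */
typedef struct {
    uint64_t pc;          /* address of the store instruction itself */
    uint64_t store_addr;  /* effective address written by the store */
    unsigned store_bytes; /* width of the store (4 for the report's sw) */
} store_event_t;

/* Index of the cache line containing addr. */
static uint64_t line_index(uint64_t addr, uint64_t line_bytes) {
    return addr / line_bytes;
}

/* Returns 1 if any byte of the store [store_addr, store_addr + store_bytes)
 * lies in the cache line that holds pc. Checking the first and the last byte
 * covers stores that straddle a line boundary (e.g. a 4-byte sw at
 * 0x800011FE), which a naive "same line as the first byte" test misses. */
int store_touches_pc_line(uint64_t pc, uint64_t store_addr,
                          unsigned store_bytes, uint64_t line_bytes) {
    uint64_t pc_line = line_index(pc, line_bytes);
    uint64_t first = line_index(store_addr, line_bytes);
    uint64_t last = line_index(store_addr + store_bytes - 1, line_bytes);
    return first == pc_line || last == pc_line;
}

/* Scan a trace and flag every store that writes into the cache line of its own
 * PC. Returns the total number flagged; the first max_flagged indices are
 * written to `flagged`. */
size_t find_self_line_stores(const store_event_t *ev, size_t n, uint64_t line_bytes,
                             size_t *flagged, size_t max_flagged) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (store_touches_pc_line(ev[i].pc, ev[i].store_addr, ev[i].store_bytes, line_bytes)) {
            if (count < max_flagged)
                flagged[count] = i;
            count++;
        }
    }
    return count;
}

/* Constructed sample trace: code executing at 0x80001010 issuing 4-byte stores,
 * mirroring the report's crash range (same line) and its passing case (0x80001200). */
static const store_event_t sample_trace[] = {
    { 0x80001010u, 0x80001100u, 4 }, /* inside the executing line: flagged */
    { 0x80001010u, 0x800011FCu, 4 }, /* ends at 0x800011FF, still the same line: flagged */
    { 0x80001010u, 0x80001200u, 4 }, /* next line, the report's passing case: clean */
    { 0x80001010u, 0x800011FEu, 4 }, /* straddles the boundary, first bytes hit: flagged */
    { 0x80001010u, 0x80002000u, 4 }, /* ordinary data store elsewhere: clean */
    { 0x800011F8u, 0x80001200u, 4 }, /* store at the end of the line writing the next: clean */
};

size_t sample_trace_len(void) {
    return sizeof sample_trace / sizeof sample_trace[0];
}

/* Wrappers over the sample trace so the results are plain return values. */
size_t sample_flagged_count(void) {
    size_t flagged[8];
    return find_self_line_stores(sample_trace, sample_trace_len(), ASSUMED_LINE_BYTES, flagged, 8);
}

size_t sample_flagged_index(size_t k) {
    size_t flagged[8];
    size_t n = find_self_line_stores(sample_trace, sample_trace_len(), ASSUMED_LINE_BYTES, flagged, 8);
    return (k < n && k < 8) ? flagged[k] : (size_t)-1;
}

int main(void) {
    size_t flagged[8];
    size_t n = find_self_line_stores(sample_trace, sample_trace_len(), ASSUMED_LINE_BYTES, flagged, 8);
    for (size_t i = 0; i < n && i < 8; i++) {
        const store_event_t *e = &sample_trace[flagged[i]];
        printf("event %zu: pc=0x%" PRIx64 " stores %u bytes at 0x%" PRIx64 " inside its own cache line\n",
               flagged[i], e->pc, e->store_bytes, e->store_addr);
    }
    return 0;
}
```

Run as-is it reports events 0, 1 and 3 of the sample trace. In a testbench the same predicate can be wired into an assertion on the commit port, so a run that reproduces this report fails at the aliasing store rather than at the later crash, which makes the failing instruction immediately visible in the log.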
Impact
This vulnerability causes undefined behavior in the processor, potentially leading to a denial of service (DoS).