XiangShan Speculative Execution Vulnerability Allowing Side-Channel Information Access

Vulnerability

A vulnerability in the XiangShan Nanhu V2 and XiangShan Kunminghu V3 processors allows attackers to exploit speculative execution and indirect branch prediction. This exploitation can lead to unauthorized access to sensitive information through side-channel analysis of the data cache. The vulnerability was identified in an academic project that tested the Spectre-v1 attack using a Flush+Reload cache side channel.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information through side-channel analysis, similar to other Spectre vulnerabilities.

Reproduction

The vulnerability can be reproduced by setting up the XiangShan simulation environment and checking out the commit that corresponds to the target version (Nanhu V2 or Kunminghu V3). After compiling the processor with the appropriate configuration, the Spectre-v1 attack is executed by running a compiled workload that exploits the vulnerability on the XiangShan emulator.

Added: Dec 10, 2025, 6:19 PM
Updated: Dec 10, 2025, 6:19 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          2.5
  exploitability  4.2
  remediation     0.0
  relevance       1.4
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.