Описание
risc0 vulnerable to arbitrary code execution in guest via memory safety failure in sys_read
Arbitrary code execution in guest via memory safety failure in sys_read
In affected versions of risc0-zkvm-platform, when the zkVM guest calls sys_read, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute arbitrary code within the guest. As sys_read is the mechanism by which input is requested by the guest, all guest programs built with the affected versions are vulnerable. This critically compromises the soundness guarantees of the guest program.
A fix was applied in #3351. The vulnerable pointer arithmetic was removed, and replaced with a simplified implementation in the v1compat kernel which uses Rust’s slice functions to guarantee memory safety.
The fix has been released as part of risc0-zkvm versions 2.3.2 and 3.0.3. All prior versions are affected.
Remediation
All developers of zkVM applications should update their guests to use risc0-zkvm versions ^2.3.2 or ^3.0.3.
This upgrade can be accomplished by editing all Cargo.toml files in the following way.
- Any references to
risc0-zkvmshould use version specifiers”2.3.2”or”3.0.3”. - Any references to
risc0-buildshould use version specifiers”2.3.2”or”3.0.3”, matchingrisc0-zkvm. - Any references to
risc0-zkvm-platformshould use version specifier”2.1.0”or later. Most projects will not have direct references to this crate.
Rebuild your application including the guest. You can run the following command to check that the patch is applied:
Any applications that use the image ID of this guest need to be updated with the newly built image ID.
Note that there are no changes to the RISC Zero proof system or circuits. Provers are not required to take any action. Users of the Groth16 smart contract verifier and the RISC Zero Verifier Router are not required to take any action beyond updating their guest programs.
Any applications using the risc0-aggregation crate or the RiscZeroSetVerifier smart contract should update to version >=0.9. This application includes a zkVM guest, which is vulnerable in versions prior to 0.9. Instances of the RiscZeroSetVerifier operated by RISC Zero have been disabled via the estop mechanism outlined in the Verifier Management Design.
Пакеты
risc0-zkvm-platform
< 2.1.0
2.1.0
risc0-zkos-v1compat
< 2.1.0
2.1.0
risc0-aggregation
< 0.9
0.9
risc0-zkvm
< 2.3.2
2.3.2
risc0-zkvm
>= 3.0.0, < 3.0.3
3.0.3
Связанные уязвимости
RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls sys_read, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute arbitrary code within the guest. As sys_read is the mechanism by which input is requested by the guest, all guest programs built with the affected versions are vulnerable. This critically compromises the soundness guarantees of the guest program. Other affected packages include risc0-aggregation versions below 0.9, risc0-zkos-v1compat below 2.1.0, risc0-zkvm versions between 3.0.0-rc.1 and 3.0.1. This issue has been fixed in the following versions: risc0-zkvm-platform 2.1.0, risc0-zkos-v1compat 2.1.0, risc0-aggregation 0.9, and risc0-zkvm 2.3.2 and 3.0.3.