## https://sploitus.com/exploit?id=A140EAE9-5FAB-54CB-9BD1-1DCA09D8F35A
# XiangShan Cross-ASID BPU Leak PoC
Minimal proof of concept for a cross-ASID branch predictor state leak in
OpenXiangShan XiangShan.
The PoC demonstrates that branch predictor state trained by a victim address
space can be observed by an attacker address space with a different ASID when
the two execute a colliding virtual branch. A victim secret bit controls the
victim branch direction; the attacker measures the same virtual branch with a
known not-taken input and decodes the secret from the timing effect.
This repository is intended as supporting code for vulnerability reporting and
CVE coordination.
## Tested Target
The byte-level result in `docs/results.md` was reproduced on:
- OpenXiangShan XiangShan branch: `kunminghu-v3`
- commit: `064f8462a6bfc13994099e2eb70c63fa5f63b85b`
- subject: `feat(ftq): drop resolve when no mispredict (#5759)`
- date: `2026-05-19T10:37:32+08:00`
- generated configuration: `TLMinimalConfig`
- runner type: Cascade vanilla no-trace Verilator runner
## Repository Contents
- `poc/bpu_branch_leak_poc.py`: self-contained PoC generator/runner.
- `docs/results.md`: verified reproduction output.
- `docs/technical-notes.md`: impact, assumptions, and limitations.
Generated ELFs, dumps, VCDs, logs, and local runner binaries are intentionally
not included.
## Prerequisites
You need:
- Python 3.10 or newer.
- `riscv64-unknown-elf-gcc`.
- `riscv64-unknown-elf-objdump`.
- A XiangShan `TLMinimalConfig` Verilator runner that accepts:
- `SIMLEN`
- `SIMSRAMELF`
- `TRACEFILE`
The script can run directly on the host, or inside an existing Docker-based
Cascade mount setup.
## Reproduce
Host runner:
```bash
python3 poc/bpu_branch_leak_poc.py \
--runner /absolute/path/to/Vtop_tiny_soc \
--secret-hex a5 \
--threshold 20 \
--train-iters 32 \
--simlen 60000 \
--timeout 420
```
Equivalent environment-variable form:
```bash
XS_RUNNER=/absolute/path/to/Vtop_tiny_soc \
python3 poc/bpu_branch_leak_poc.py --secret-hex a5 --threshold 20
```
Docker runner:
```bash
python3 poc/bpu_branch_leak_poc.py \
--use-docker \
--container codex_cascade_cpu_fuzzing \
--host-base /absolute/host/mount \
--container-base /cascade-mountdir \
--runner /cascade-mountdir/path/to/Vtop_tiny_soc \
--secret-hex a5 \
--threshold 20
```
Expected successful output:
```text
SECRET_BITS=10100101
DECODED_SECRET=10100101
DECODED_HEX=a5
MATCH=1
```
## Security Interpretation
This is a cross-ASID microarchitectural information leak. It is stronger than a
cooperative covert channel because the victim only needs to execute a
secret-dependent branch at a colliding virtual branch PC. It is not an
architectural control-flow hijack, and the current PoC is not an arbitrary
memory read: sensitive data must influence victim control flow.
Practical examples of vulnerable victim behavior include non-constant-time
checks where key bits, comparison bytes, or exponent bits affect branch
direction.