C910's GhostWrite vulnerability

Hi,
I’ve found this, affecting our Meles.

"It allows a rogue application or user to read and write physical memory, and execute arbitrary code with kernel (supervisor) and machine-mode privileges, allowing them to take over the device entirely.[…]

The vulnerability lies in faulty instructions in the C910’s vector extension implementation […]. The problem is that some of these instructions operate on physical memory […].

And as the instructions are baked into the silicon, they cannot be fixed with a microcode or software update. To mitigate the issue, the vector extension must be disabled. […]

'The attack is 100 percent reliable, deterministic, and takes only microseconds to execute. Even security measures like Docker containerization or sandboxing cannot stop this attack. Additionally, the attacker can hijack hardware devices that use memory-mapped input/output (MMIO), allowing them to send any commands to these devices.'"

The C920 in the SG2042/Pioneer is unfortunately also affected.