MileSan: RTL Sanitizer Uncovers 19 New CPU Vulnerabilities

2025-09-09

Researchers introduce MileSan, an RTL sanitizer that detects arbitrary exploitable information leakage by comparing architectural and microarchitectural information flows. Paired with the RandOS fuzzer, MileSan found 19 new vulnerabilities (13 assigned CVEs) across 5 RISC-V CPUs. The work addresses the overfitting issues of existing fuzzers: MileSan identifies exploitable microarchitectural leakage without making assumptions about the leakage path or the programs that trigger it.