Notes

• Vulnerability allows host to write arbitrary code to guest memory via sys_read
• All guest programs using affected versions are at risk, breaking zk guarantees
• Fix has been applied to risc0-zkvm versions 2.3.2 and 3.0.3, removing unsafe pointer operations
• Developers need to update Cargo.toml with related crate versions and rebuild application
• RISC Zero proof system and circuits are not affected, no prover action needed
• Projects using risc0-aggregation or RiscZeroSetVerifier need to upgrade to >=0.9 version

• 漏洞允许主机通过sys_read写入guest任意内存位置，执行任意代码
• 所有使用受影响版本的guest程序均存在风险，严重破坏ZK保证
• 修复已应用于risc0-zkvm版本2.3.2和3.0.3，移除不安全指针运算
• 开发者需更新Cargo.toml中相关crate版本并重建应用
• RISC Zero proof系统和电路未受影响，无需prover行动
• 使用risc0-aggregation或RiscZeroSetVerifier的项目需升级至>=0.9版本