NeoChainDaily
29.12.2025 • 14:59 Cybersecurity & Exploits

GoldenFuzz Framework Boosts Hardware Fuzzing Efficiency and Uncovers New RISC-V Vulnerabilities

A new arXiv preprint (arXiv:2512.21524) introduces GoldenFuzz, a two-stage hardware fuzzing framework designed to accelerate vulnerability discovery in complex processor designs. The authors propose a workflow that separates test case refinement from coverage exploration, aiming to reduce computational overhead while maintaining high semantic awareness.

Two-Stage Fuzzing Architecture

GoldenFuzz employs an ISA-compliant Golden Reference Model (GRM) that acts as a digital twin of the Device Under Test (DUT). By fuzzing the GRM first, the system can quickly generate and refine test cases without invoking slow device simulations, reserving the more expensive DUT evaluation for a narrowed set of promising inputs.

Test Case Generation and Feedback Loop

The framework constructs test cases by concatenating instruction blocks selected for their inter- and intra-instruction characteristics. A feedback-driven mechanism evaluates both high-coverage and low-coverage samples, guiding the iterative refinement process toward deeper architectural state exploration.
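The two-stage workflow described in the preceding two sections, reduced to a runnable toy (an added example, not code from the paper or the GoldenFuzz authors): the four-instruction ISA, the coverage points and the block sizes are constructed assumptions, and the paper's use of low-coverage samples in its feedback loop is simplified here to keeping only cases that add new GRM coverage.

```python
import random
# Toy RISC-V-like ISA with four register ops (constructed; not the paper's ISA or model).
OPS = ("ADD", "SUB", "XOR", "SLL")

def grm_step(regs, ins):
    """Golden Reference Model: fast ISA-level interpreter for one instruction."""
    op, rd, rs1, rs2 = ins
    a, b = regs[rs1], regs[rs2]
    if op == "ADD":
        regs[rd] = (a + b) & 0xFF
    elif op == "SUB":
        regs[rd] = (a - b) & 0xFF
    elif op == "XOR":
        regs[rd] = a ^ b
    else:  # SLL
        regs[rd] = (a << (b & 7)) & 0xFF
    return regs

def run_grm(case):
    """Execute a test case on the GRM and return the coverage points it hit.
    Inter-instruction points are (previous op, current op) pairs; intra-instruction
    points record whether the destination register ended up zero (both constructed)."""
    regs, cov, prev = [0, 1, 2, 3], set(), "START"
    for ins in case:
        regs = grm_step(regs, ins)
        cov.add((prev, ins[0]))
        cov.add((ins[0], "ZERO" if regs[ins[1]] == 0 else "NONZERO"))
        prev = ins[0]
    return cov

def make_blocks(rng, n_blocks, block_len):
    """Random instruction blocks; a test case is a concatenation of several blocks."""
    return [[(rng.choice(OPS), rng.randrange(4), rng.randrange(4), rng.randrange(4))
             for _ in range(block_len)] for _ in range(n_blocks)]

def two_stage_fuzz(seed=1, rounds=200, blocks_per_case=3):
    """Stage 1: generate cases, run them on the cheap GRM, keep those adding coverage.
    Stage 2 would then run only the refined cases on the slow DUT simulation.
    Returns (refined_cases, total_coverage)."""
    rng = random.Random(seed)
    blocks = make_blocks(rng, 16, 4)
    covered, refined = set(), []
    for _ in range(rounds):
        case = [ins for blk in rng.sample(blocks, blocks_per_case) for ins in blk]
        cov = run_grm(case)
        if cov - covered:  # feedback: only cases that add GRM coverage go to the DUT
            covered |= cov
            refined.append(case)
    return refined, covered
```

Because every refined case must contribute at least one new coverage point, the number of DUT runs is bounded by the size of the coverage space rather than by the number of generated cases, which is the efficiency argument the paper makes.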

Evaluation on RISC-V Processors

The authors assess GoldenFuzz on three open-source RISC-V cores—RocketChip, BOOM, and CVA6—and compare its performance against existing hardware fuzzers. The study measures coverage, test case length, and computational resources required for each approach.

Performance and Coverage Gains

Results indicate that GoldenFuzz achieves the highest code coverage among the tested tools while using shorter test sequences and consuming less processing time. The two-stage methodology reportedly reduces overall computational overhead relative to traditional simulation-heavy fuzzers.

Newly Discovered Vulnerabilities

In addition to reproducing all previously known flaws, GoldenFuzz identifies five novel vulnerabilities, four of which receive CVSS v3 severity scores above 7.0. The framework also uncovers two previously unreported issues in the commercial BA51-H core extension.

Broader Impact

The authors suggest that the decoupled refinement strategy could be applied to a wider range of hardware platforms, potentially improving the scalability of security testing for emerging processor architectures.

This report is based on the abstract of the research paper on arXiv, licensed under Academic Preprint / Open Access. The full text is available via arXiv.
