SiFive encourages you to report potential security vulnerabilities in our products to the PSIRT. To report a vulnerability, please email psirt@sifive.com.

If confidentiality is required, use our SiFive PSIRT PGP Public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZ46BihYJKwYBBAHaRw8BAQdAVaeYmmereg3MU3CAuxKdO+oRWcHBgvdNhU9/
j6oDKpi0H1NpRml2ZSBQU0lSVCA8cHNpcnRAc2lmaXZlLmNvbT6ImQQTFgoAQRYh
BHYZnS2EkggG5vKcuZPq25kJbudEBQJnjoGKAhsDBQkFo5qABQsJCAcCAiICBhUK
CQgLAgQWAgMBAh4HAheAAAoJEJPq25kJbudEMzgA/2RdpV9Badht0QM41bQCY0Sz
Gp2QiebDJdeUY//h0uLdAP0X/OcvmBkZE6ZZg4hPUaCBc0D2NhoWPC5DwvvJ4FaO
CLg4BGeOgYoSCisGAQQBl1UBBQEBB0BVA5V+haevVI/f8lmRnIxYzu75JAQYMwjV
qVcI+YBRLwMBCAeIfgQYFgoAJhYhBHYZnS2EkggG5vKcuZPq25kJbudEBQJnjoGK
AhsMBQkFo5qAAAoJEJPq25kJbudE7O0A/0dooRNN5mD9b575mzSqbzQs7Lf8n4m2
sRfNEi4gdmSoAPwMpkw2afn6bAtAgfSBhxSBrXZYs50VqQ6zccf/uP5bCQ==
=ghJ4
-----END PGP PUBLIC KEY BLOCK-----

Please use English language and include the following information in your report:

1. Product and version: Specify the affected SiFive product and its version number, if known
2. Vulnerability details: Provide a detailed description of the vulnerability, including steps to reproduce it and a Proof-Of-Concept.
3. Impact assessment: Describe the potential impact of the vulnerability if exploited.
4. Contact information: Provide your name, your organization and contact information so we can communicate with you.