| Component | Before | After (Patch) | |-----------|--------|---------------| | | Edge‑sensitive clear on the 48 MHz domain (possible early clear). | Synchronized clear using a double‑flop synchronizer and assert‑after‑set scheme, guaranteeing the flag is cleared only after the set pulse is fully registered. | | FIFO depth monitoring | Fixed‑depth 16‑entry FIFO. | Added dynamic water‑mark detection – if the write‑pointer–read‑pointer gap falls below 2 entries, an early‑warning interrupt is generated. | | Clock‑domain alignment | Independent PLLs with no deterministic phase relationship. | Introduced a phase‑locked “alignment handshake” at power‑up that forces the 48 MHz clock to be a multiple of the 12 MHz clock (48 MHz = 4 × 12 MHz) with a known phase offset of 0 ns. | | Telemetry | Aggregate error counters only. | New per‑cycle phase‑skew histogram exported via SNMP, enabling proactive monitoring. |
In recent years, the Bangbus Asia Riggs system has undergone significant upgrades and modernization efforts. However, these changes have also introduced new vulnerabilities and risks. The Right Timing Lead vulnerability was discovered during a routine security audit conducted by NAUG in collaboration with the Bangbus Asia development team.