It's astonishing how few technical details are provided in this article (like the nature of the vulnerability, whether it affects RISC-V's design in general or only a specific implementation, and whether it is readily fixable).
I tried to find more details and found that slashdot user st0nerhat had found a more technical summary in Chinese, which you can see translated here:
In particular this is a timing attack like Spectre/Meltdown - looks like there are timing issues with allocation of write port slots when writing to the register file - because division takes so long it's possible to use a late write from division to tell whether a particular speculative branch has been taken or not
There's a CVE table in that article and they seem to have CVEs from a microarchitecture implementing openRISC (entirely different ISA) mixed in there somehow.
This describes a timing attack like Spectre/Meltdown on a particular O/S architecture, not all RISC-V cores - looks like there are timing issues with allocation of write port slots when writing to the register file - because division takes so long it's possible to use a late write from division to tell whether a particular speculative branch has been taken or not
I tried to find more details and found that slashdot user st0nerhat had found a more technical summary in Chinese, which you can see translated here:
https://mp-weixin-qq-com.translate.goog/s/ke8tBpJ7NpvUEAecov...