The lowRISC team and Ibex community (including the OpenTitan partnership) take security issues seriously.
We appreciate all efforts to find security vulnerabilities in Ibex and ask that responsible disclosure is practiced should you discover a potential vulnerability.
As Ibex and in particular its secure configuration was developed as part of OpenTitan contact security@opentitan.org to report any security issues and do not open a public issue. security@opentitan.org will advise on the coordinated vulnerability disclosure (CVD) procedure.