CVE-2026-29643

April 21, 2026, 8:16 p.m.

7.1
High

Description

XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR addresses may trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), causing control-flow disruption and potentially leaving the core in a hung or unrecoverable state. This can be exploited by a local attacker able to execute code on the processor to cause a denial of service and potentially inconsistent architectural state.

Product(s) Impacted

Vendor Product Versions
Xiangshan
  • Riscv Processor
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-703
Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a xiangshan riscv_processor / / / / / / / /

References

https://docs.riscv.org/reference/isa/priv/machine.html
https://docs.riscv.org/reference/isa/priv/priv-csrs.html
https://github.com/OpenXiangShan/XiangShan/issues/3959
https://github.com/OpenXiangShan/XiangShan/pull/3966
https://github.com/OpenXiangShan/XiangShan/issues/3959

Tags

[email protected]
CWE-703
2026-04-20
CVE-2026-29643

CVSS Score

7.1 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

    View Vector String

Timeline

Published: April 20, 2026, 10:16 p.m.
Last Modified: April 21, 2026, 8:16 p.m.

Status : Deferred

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.