Description

XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR addresses may trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), causing control-flow disruption and potentially leaving the core in a hung or unrecoverable state. This can be exploited by a local attacker able to execute code on the processor to cause a denial of service and potentially inconsistent architectural state.

INFO

Published Date :

2026-04-20T00:00:00.000Z

Last Modified :

2026-04-21T19:50:32.463Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-29643 vulnerability.

Vendors Products
Openxiangshan
  • Xiangshan
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-29643.

URL Resource
https://docs.riscv.org/reference/isa/priv/machine.html cve-icon cve-icon
https://docs.riscv.org/reference/isa/priv/priv-csrs.html cve-icon cve-icon
https://github.com/OpenXiangShan/XiangShan/issues/3959 cve-icon cve-icon cve-icon
https://github.com/OpenXiangShan/XiangShan/pull/3966 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact