CVE-2026-29643 - Vulnerability Details

Description

XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR addresses may trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), causing control-flow disruption and potentially leaving the core in a hung or unrecoverable state. This can be exploited by a local attacker able to execute code on the processor to cause a denial of service and potentially inconsistent architectural state.

Published: 2026-04-20

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The flaw originates from improper handling of exceptional conditions within the CSR subsystem (NewCSR). When a sequence of CSR operations targets a non‑existent or custom CSR address, the processor may raise an illegal‑instruction exception but fails to reliably transfer control to the configured trap handler (mtvec). This control‑flow disruption can leave the core hung or in an unrecoverable state, providing a local attacker who can execute code on the processor with the ability to trigger a denial of service and potentially corrupt architectural state.

Affected Systems

The affected platform is the XiangShan open‑source high‑performance RISC‑V processor identified by the commit edb1dfaf7d290ae99724594507dc46c2c2125384 released on 2024‑11‑28. No vendor‑specific product names or version ranges are publicly listed; the flaw applies to the indicated commit and any derived builds that have not applied the fix.

Risk and Exploitability

The vulnerability is exploitable only in environments where an attacker has local code‑execution privilege on the processor, as the flaw requires the ability to issue malformed CSR instructions. No public exploits are documented and the EPSS score is not available. The flaw is not listed in the CISA KEV catalog. While the impacted asset is a single core, the denial of service could impact systems that rely on that core for critical workloads. The risk is considered medium to high in contexts where local attackers are a concern and no mitigation is in place.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Openxiangshan

Xiangshan

90%

Version	Status	Scheme	Platform
`edb1dfaf7d290ae99724594507dc46c2c2125384`	affected	code_commit	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the XiangShan GitHub repository for any updates or patches that address the CSR exception handling flaw.
Apply any identified firmware or microcode updates that correct the improper exception transfer to mtvec.
Restrict the execution of untrusted code on affected RISC‑V cores to prevent local exploitation of the flaw.

Generated by OpenCVE AI on April 21, 2026 at 00:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://docs.riscv.org/reference/isa/priv/machine.html
https://docs.riscv.org/reference/isa/priv/priv-csrs.html
https://github.com/OpenXiangShan/XiangShan/issues/3959
https://github.com/OpenXiangShan/XiangShan/pull/3966

History

Mon, 20 Apr 2026 22:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Openxiangshan Openxiangshan xiangshan
Vendors & Products		Openxiangshan Openxiangshan xiangshan

Mon, 20 Apr 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR addresses may trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), causing control-flow disruption and potentially leaving the core in a hung or unrecoverable state. This can be exploited by a local attacker able to execute code on the processor to cause a denial of service and potentially inconsistent architectural state.
References		https://docs.riscv.org/reference/isa/priv/machine.html https://docs.riscv.org/reference/isa/priv/priv-csrs.html https://github.com/OpenXiangShan/XiangShan/issues/3959 https://github.com/OpenXiangShan/XiangShan/pull/3966

Subscriptions

Openxiangshan Xiangshan

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-20T00:00:00.000Z

Updated: 2026-04-20T21:18:39.405Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-29643

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-20T22:16:23.507

Modified: 2026-04-20T22:16:23.507

Link: CVE-2026-29643

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T00:15:16Z

Weaknesses

No weakness.

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object