The flaw originates from improper handling of exceptional conditions within the CSR subsystem (NewCSR). When a sequence of CSR operations targets a non‑existent or custom CSR address, the processor may raise an illegal‑instruction exception but fails to reliably transfer control to the configured trap handler (mtvec). This control‑flow disruption can leave the core hung or in an unrecoverable state, providing a local attacker who can execute code on the processor with the ability to trigger a denial of service and potentially corrupt architectural state.

The affected platform is the XiangShan open‑source high‑performance RISC‑V processor identified by the commit edb1dfaf7d290ae99724594507dc46c2c2125384 released on 2024‑11‑28. No vendor‑specific product names or version ranges are publicly listed; the flaw applies to the indicated commit and any derived builds that have not applied the fix.

The vulnerability is exploitable only in environments where an attacker has local code‑execution privilege on the processor, as the flaw requires the ability to issue malformed CSR instructions. The CVSS score of 7.1 indicates a medium severity, while the EPSS score of <1% suggests low likelihood of exploitation. The flaw is not listed in the CISA KEV catalog. While the impacted asset is a single core, the denial of service could affect systems that rely on that core for critical workloads. The risk is considered medium to high in contexts where local attackers are a concern and no mitigation is in place.