216.73.217.22

CVE-2026-29642

· Published 20/04/2026 21:16 · Modified 21/04/2026 20:16

Labels: CVE-2026-29642 2026-04-20CVE-2026-29642CWE-1244[email protected]

Essential information

Published
20/04/2026 21:16
Modified
21/04/2026 20:16
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg accesses can unexpectedly set WPRI (reserved) bits in the status view (xstatus) to 1. RISC-V defines WPRI fields as "writes preserve values, reads ignore values," i.e., they must not be modified by software manipulating other fields, and menvcfg itself contains multiple WPRI fields.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
xiangshan / menvcfg cpe:2.3:a:xiangshan:menvcfg:aecf601e803bfd2371667a3fb60bfcd83c333027:*:*:*:*:*:*:*
xiangshan / menvcfg cpe:2.3:a:xiangshan:menvcfg:*:*:*:*:*:*:*:*
riscv / menvcfg cpe:2.3:a:riscv:menvcfg:*:*:*:*:*:*:*:*

References