216.73.216.226

CVE-2026-29643

· Published 20/04/2026 22:16 · Modified 21/04/2026 20:16

Labels: CVE-2026-29643 2026-04-20CVE-2026-29643CWE-703[email protected]

Essential information

Published
20/04/2026 22:16
Modified
21/04/2026 20:16
Author
Creator
CVSS
7.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS metrics

Description

XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR addresses may trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), causing control-flow disruption and potentially leaving the core in a hung or unrecoverable state. This can be exploited by a local attacker able to execute code on the processor to cause a denial of service and potentially inconsistent architectural state.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
xiangshan / riscv processor cpe:2.3:a:xiangshan:riscv_processor:*:*:*:*:*:*:*:*

References