HIGHCVE-2026-29648Published 2026-04-20Modified 2026-04-21CNA mitre

CVE-2026-29648: In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation controls in virtualized or multi-privilege environments.

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

github.com
github.com
docs.riscv.org

Metrics