CVE-2026-29644

Source
https://cve.org/CVERecord?id=CVE-2026-29644
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29644.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-29644
Published
2026-04-21T00:00:00Z
Modified
2026-07-15T01:48:56.575193598Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA (Physical Memory Attribute) CSR state. Though the RISC-V privileged specification requires an illegal-instruction exception for non-existent/illegal CSR accesses, affected XiangShan versions may still propagate such writes to replicated PMA configuration state. Local attackers able to execute code on the core (privilege context depends on system integration) can exploit this to tamper with memory-attribute enforcement, potentially leading to privilege escalation, information disclosure, or denial of service depending on how PMA enforces platform security and isolation boundaries.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29644.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/openxiangshan/xiangshan

Affected ranges

Type
GIT
Repo
https://github.com/openxiangshan/xiangshan
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

v3.*
v3.2.2-alpha

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29644.json"