Vulnerability Description
XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA (Physical Memory Attribute) CSR state. Though the RISC-V privileged specification requires an illegal-instruction exception for non-existent/illegal CSR accesses, affected XiangShan versions may still propagate such writes to replicated PMA configuration state. Local attackers able to execute code on the core (privilege context depends on system integration) can exploit this to tamper with memory-attribute enforcement, potentially leading to privilege escalation, information disclosure, or denial of service depending on how PMA enforces platform security and isolation boundaries.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://docs.riscv.org/reference/isa/priv/priv-csrs.html
- https://github.com/OpenXiangShan/XiangShan/commit/2b1f9796aa98597e5eeac32e5bb141
- https://github.com/OpenXiangShan/XiangShan/commit/edb1dfaf7d290ae99724594507dc46
- https://github.com/OpenXiangShan/XiangShan/issues/3959
- https://xiangshan-doc-test.readthedocs.io/next/memory/mmu/pmp_pma/
- https://github.com/OpenXiangShan/XiangShan/issues/3959
FAQ
What is CVE-2026-29644?
CVE-2026-29644 is a vulnerability with a CVSS score of 5.3 (MEDIUM). XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) has improper gating of its distributed CSR write-enable path, allowing illegal CS...
How severe is CVE-2026-29644?
CVE-2026-29644 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-29644?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.