CVE-2026-29644

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA (Physical Memory Attribute) CSR state. Though the RISC-V privileged specification requires an illegal-instruction exception for non-existent/illegal CSR accesses, affected XiangShan versions may still propagate such writes to replicated PMA configuration state. Local attackers able to execute code on the core (privilege context depends on system integration) can exploit this to tamper with memory-attribute enforcement, potentially leading to privilege escalation, information disclosure, or denial of service depending on how PMA enforces platform security and isolation boundaries.

Vendor	n/a
Product	n/a
Published	Apr 21, 2026
Last Updated	Apr 21, 2026

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new unknown vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/OpenXiangShan/XiangShan/issues/3959 docs.riscv.org: https://docs.riscv.org/reference/isa/priv/priv-csrs.html github.com: https://github.com/OpenXiangShan/XiangShan/commit/2b1f9796aa98597e5eeac32e5bb1418496987ca4 github.com: https://github.com/OpenXiangShan/XiangShan/commit/edb1dfaf7d290ae99724594507dc46c2c2125384 xiangshan-doc-test.readthedocs.io: https://xiangshan-doc-test.readthedocs.io/next/memory/mmu/pmp_pma/