VYPR

Nemu

by OpenXiangShan

CVEs (5)

  • CVE-2026-29646, Critical, Apr 20, 2026
    risk 0.57, cvss 9.8, epss 0.00

    In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable state (mie). This breaks…

  • CVE-2026-29649, Critical, Apr 20, 2026
    risk 0.57, cvss 9.8, epss 0.00

    NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment…

  • CVE-2026-29648, High, Apr 20, 2026
    risk 0.50, cvss 8.8, epss 0.00

    In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based…

  • CVE-2026-29645, High, Apr 20, 2026
    risk 0.42, cvss 7.5, epss 0.01

    NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings…

  • CVE-2026-29647, Medium, Apr 20, 2026
    risk 0.35, cvss 6.5, epss 0.00

    In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling.