VYPR

Xiangshan

by OpenXiangShan

Source repositories

CVEs (7)

  • CVE-2026-29648 | High | Apr 20, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based…

  • CVE-2026-29642 | High | Apr 20, 2026
    risk 0.44 | cvss 7.8 | epss 0.00

    A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg…

  • CVE-2026-29643 | High | Apr 20, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting…

  • CVE-2026-29647 | Medium | Apr 20, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling.

  • CVE-2026-29644 | Medium | Apr 21, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA (Physical Memory Attribute) CSR state.…

  • CVE-2025-63094 | Dec 10, 2025
    risk 0.00 | cvss | epss 0.00

    XiangShan Nanhu V2 and XiangShan Kunminghu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the data cache.

  • CVE-2023-50559 | Dec 29, 2023
    risk 0.00 | cvss | epss 0.00

    An issue discovered in XiangShan v2.1 allows local attackers to obtain sensitive information via the L1D cache.