Xiangshan
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-29648 | | High | 0.50 | 8.8 | 0.00 | | Apr 20, 2026 | In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based… |
| CVE-2026-29642 | | High | 0.44 | 7.8 | 0.00 | | Apr 20, 2026 | A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg… |
| CVE-2026-29643 | | High | 0.39 | 7.1 | 0.00 | | Apr 20, 2026 | XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting… |
| CVE-2026-29647 | | Medium | 0.35 | 6.5 | 0.00 | | Apr 20, 2026 | In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling. |
| CVE-2026-29644 | | Medium | 0.27 | 5.3 | 0.00 | | Apr 21, 2026 | XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA (Physical Memory Attribute) CSR state.… |
| CVE-2025-63094 | | | 0.00 | — | 0.00 | | Dec 10, 2025 | XiangShan Nanhu V2 and XiangShan Kunminghu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the data cache. |
| CVE-2023-50559 | | | 0.00 | — | 0.00 | | Dec 29, 2023 | An issue was discovered in XiangShan v2.1 that allows local attackers to obtain sensitive information via the L1D cache. |