CVE-2026-29649

Name of the Vulnerable Software and Affected Versions NEMU (affected versions not specified)

Description An implementation flaw exists in the RISC-V Hypervisor CSR handling. The henvcfg[7:4] fields, which relate to CBIE, CBCFE, and CBZE, are incorrectly masked or updated based on menvcfg[7:4]. Consequently, a machine-mode write to menvcfg can implicitly modify the hypervisor environment configuration. This may result in incorrect enforcement of virtualization configuration, potentially causing unexpected traps or denial of service during the execution of cache-block management instructions in virtualized contexts where V=1.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.