CVE-2026-29642

Name of the Vulnerable Software and Affected Versions XiangShan version aecf601e803bfd2371667a3fb60bfcd83c333027

Description A local attacker with the ability to execute privileged Control and Status Register (CSR) operations, or who can induce firmware to do so, can perform crafted reads and writes to menvcfg (such as csrrs in M-mode). This can cause the WPRI (reserved) bits in the status view (xstatus) to be unexpectedly set to 1. In the RISC-V architecture, WPRI fields are defined as writes preserve values and reads ignore values, meaning they should not be modified when software manipulates other fields.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.