CVE-2026-29647

Name of the Vulnerable Software and Affected Versions OpenXiangShan NEMU (affected versions not specified)

Description Insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state through the 'stopei' and 'vstopei' CSRs, even when the mstateen0.IMSIC variable is cleared. This may lead to cross-context information leakage or the disruption of interrupt handling.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.