CVE-2026-29644

Name of the Vulnerable Software and Affected Versions XiangShan versions prior to commit edb1dfaf7d290ae99724594507dc46c2c2125384

Description Improper gating of the distributed CSR write-enable path allows illegal CSR write attempts to alter custom PMA (Physical Memory Attribute) CSR state. While the RISC-V privileged specification requires an illegal-instruction exception for non-existent or illegal CSR accesses, affected versions may propagate these writes to replicated PMA configuration state. Local attackers with code execution capabilities on the core can tamper with memory-attribute enforcement, which may lead to privilege escalation, information disclosure, or denial of service, depending on how the PMA enforces platform security and isolation boundaries.

Recommendations Update to commit edb1dfaf7d290ae99724594507dc46c2c2125384 or a newer version.