CVE-2026-29643
Received Received - Intake
Improper Exception Handling in XiangShan CSR Causes DoS

Publication date: 2026-04-20

Last updated on: 2026-04-21

Assigner: MITRE

Description
XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR addresses may trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), causing control-flow disruption and potentially leaving the core in a hung or unrecoverable state. This can be exploited by a local attacker able to execute code on the processor to cause a denial of service and potentially inconsistent architectural state.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-20
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-04-21
EPSS Evaluated
2026-06-15
NVD
CVE-2026-29643
EUVD
EUVD-2026-23957
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
xiangshan xiangshan *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-703 The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the XiangShan open-source high-performance RISC-V processor, specifically in its CSR (Control and Status Register) subsystem called NewCSR. Certain sequences of CSR operations that target non-existent or custom CSR addresses may cause an illegal-instruction exception. However, the processor fails to reliably transfer control to the configured trap handler (mtvec) when this happens. This improper handling can disrupt the control flow and potentially leave the processor core in a hung or unrecoverable state.

An attacker who can execute code locally on the processor can exploit this flaw to cause a denial of service or potentially create an inconsistent architectural state.

Impact Analysis

The vulnerability can be exploited by a local attacker to cause a denial of service on the affected processor. This means the processor core could become hung or enter an unrecoverable state, disrupting normal operation.

Additionally, it may lead to an inconsistent architectural state, which could affect the reliability and correctness of the processor's operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29643. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart