CVE-2026-29646
Privilege Escalation via CSR Write Flaw in OpenXiangShan NEMU
Publication date: 2026-04-20
Last updated on: 2026-04-21
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openxiangshan | nemu | to 55295c4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-267 | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenXiangShan NEMU versions prior to commit 55295c4 when running with the RVH (Hypervisor extension) enabled. Specifically, a VS-mode guest's write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly, which can improperly influence the machine-level interrupt enable state (mie).
This flaw breaks the expected privilege and virtualization isolation, meaning that the guest operating system running in virtual supervisor mode can affect machine-level interrupt settings that it should not have access to.
How can this vulnerability impact me? :
The vulnerability can lead to denial of service or privilege-boundary violations in environments that rely on NEMU for correct interrupt virtualization.
Because the guest can improperly influence machine-level interrupt enable state, it may disrupt normal system operation or escalate privileges beyond intended boundaries.