CVE-2026-29642

Published: Apr 20, 2026

Modified: Apr 21, 2026

PUBLISHED

Description

A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg accesses can unexpectedly set WPRI (reserved) bits in the status view (xstatus) to 1. RISC-V defines WPRI fields as "writes preserve values, reads ignore values," i.e., they must not be modified by software manipulating other fields, and menvcfg itself contains multiple WPRI fields.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/OpenXiangShan/XiangShan/issues/3934

https://github.com/OpenXiangShan/XiangShan/commit/5e3dd63

https://docs.riscv.org/reference/isa/priv/priv-csrs.html

https://docs.riscv.org/reference/isa/priv/machine.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-29642

Description

Affected Products

References