CVE 9.8 CRITICAL

CVE-2026-29649_CVE-2026-29649

April 21, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to incorrect enforcement of virtualization configuration and may cause unexpected traps or denial of service when executing cache-block management instructions in virtualized contexts (V=1).

AI Analysis

Implementation flaw in RISC-V Hypervisor CSR handling leading to incorrect virtualization configuration enforcement and potential denial of service

Basic Information

ID CVE-2026-29649

Source mitre

Published Apr 20, 2026 at 00:00

Modified Apr 21, 2026 at 19:51

Affected Product

Vendor OpenXiangShan

Product NEMU

Version n/a

Affected Versions n/a n/a n/a

CWE Classification

CWE-693

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor OpenXiangShan

Product NEMU

Version n/a

References

{
    "lastseen": "",
    "description": "NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to incorrect enforcement of virtualization configuration and may cause unexpected traps or denial of service when executing cache-block management instructions in virtualized contexts (V=1).",
    "published": "2026-04-20T00:00:00.000Z",
    "modified": "2026-04-21T19:51:00.279Z",
    "type": "cve",
    "title": "CVE-2026-29649",
    "source": "mitre",
    "references": "https://github.com/OpenXiangShan/NEMU/issues/681\nhttps://github.com/OpenXiangShan/NEMU/pull/689\nhttps://docs.riscv.org/reference/isa/priv/machine.html\nhttps://docs.riscv.org/reference/isa/priv/hypervisor.html",
    "id": "CVE-2026-29649",
    "bulletinFamily": "",
    "cwe": [
        "CWE-693"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NEMU",
    "version": "n/a",
    "vendor": "OpenXiangShan",
    "ai_description": "Implementation flaw in RISC-V Hypervisor CSR handling leading to incorrect virtualization configuration enforcement and potential denial of service",
    "ai_severity": "Critical",
    "ai_vendor": "OpenXiangShan",
    "ai_product": "NEMU",
    "ai_version": "n/a",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply