CVE-2026-29643
Published: 20 April 2026
Summary
CVE-2026-29643 is a high-severity Improper Check or Handling of Exceptional Conditions (CWE-703) vulnerability in RISC-V (inferred from references). Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It is ranked in the 2.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- Directly remediates the improper exceptional-condition handling flaw in the XiangShan CSR subsystem by applying the available patch from pull request #3966.
- Requires secure error handling for exceptional conditions such as illegal CSR accesses, directly addressing the failure to transfer control to the mtvec trap handler.
- Ensures the processor fails to a known secure state upon CSR exception handling failures, mitigating hangs and inconsistent architectural state.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The flaw lets locally executed code trigger processor hangs or inconsistent state via crafted CSR operations, which maps directly to application/system exploitation for endpoint DoS.
NVD Description
XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR addresses may trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), causing control-flow disruption and potentially leaving the core in a hung or unrecoverable state. This can be exploited by a local attacker able to execute code on the processor to cause a denial of service and potentially inconsistent architectural state.
Deeper analysis [AI]
CVE-2026-29643 is an improper exceptional-condition handling flaw (CWE-703) in the CSR subsystem, known as NewCSR, of XiangShan, an open-source high-performance RISC-V processor. The vulnerability affects commit edb1dfaf7d290ae99724594507dc46c2c2125384 dated 2024-11-28. In affected versions, specific sequences of CSR operations targeting non-existent or custom CSR addresses trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), resulting in control-flow disruption that can leave the core in a hung or unrecoverable state.
A local attacker with the ability to execute code on the processor (AV:L/PR:L) can exploit this issue with low complexity and no user interaction required. Successful exploitation causes a denial of service by disrupting core operation and may lead to inconsistent architectural state, with high impacts on integrity (I:H) and availability (A:H) but no confidentiality impact (C:N). The CVSS v3.1 base score is 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
The issue is documented in XiangShan GitHub issue #3959, with a patch available in pull request #3966. Related RISC-V specifications are referenced in the privileged ISA documentation for machine mode (mtvec) and private CSRs.
Details
- CWE(s)