Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/04/21 1:22 a.m.7 views

CVE-2026-29648

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...

8.8CVSS5.8AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/21 1:22 a.m.7 views

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/04/20 9:16 p.m.6 views

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

6.5CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/20 12:0 a.m.33 views

CVE-2026-29648

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...

0.00319EPSS
Exploits0References3
CVE
CVE
added 2026/04/20 12:0 a.m.9 views

CVE-2026-29647

CVE-2026-29647 affects OpenXiangShan NEMU. The issue is insufficient Smstateen permission enforcement, allowing lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared. This can enable cross-context information leakage or disruption of interrupt ha...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/20 12:0 a.m.5 views

CVE-2026-29646

In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...

5.7AI score0.00365EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/20 12:0 a.m.3 views

CVE-2026-29648

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...

5.8AI score0.00319EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/20 12:0 a.m.5 views

CVE-2026-29648

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...

5.8AI score0.00319EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.4 views

PT-2026-33841

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...

8.8CVSS5.8AI score0.00319EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/20 12:0 a.m.5 views

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

5.8AI score0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.5 views

PT-2026-33840

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References5
Rows per page
Query Builder