EUVD-2026-23957CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR addresses may trigger an illegal-instruction exception but fail to reliably transfer control to the configured trap handler (mtvec), causing control-flow disruption and potentially leaving the core in a hung or unrecoverable state. This can be exploited by a local attacker able to execute code on the processor to cause a denial of service and potentially inconsistent architectural state.
AnalysisAI
Control-flow disruption in XiangShan open-source RISC-V processor allows local authenticated attackers to trigger denial of service through malformed CSR operations that fail to properly invoke trap handlers. Affected commits from November 2024 contain improper exception handling in the NewCSR subsystem that can leave the processor core in a hung state when targeting non-existent CSR addresses. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory any development systems or CI/CD pipelines using XiangShan commits from November 2024 onward and assess user access controls. Within 7 days: Restrict non-essential user access to affected XiangShan environments pending remediation. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today