CVE-2026-29647

· NIST NVD ↗

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling.

MEDIUM
CVSS severity
6.5
CVSS base score
2026-04-20
Published

CWE codes

CWE-269

Sources