This vulnerability arises from improper handling of writes to the menvcfg register in affected XiangShan RISC-V implementations. When privileged CSR operations (e.g., csrrs in M-mode) are executed, the menvcfg accesses can unexpectedly set WPRI (Write Preserves) bits in the xstatus register to 1. According to the RISC-V specification, WPRI bits are reserved and must not be altered by software manipulating other fields; they should preserve their values on writes and be ignored on reads. The incorrect modification of these reserved bits can lead to undefined or unintended processor state behavior. The issue is present in XiangShan versions as of commit aecf601e803bfd2371667a3fb60bfcd83c333027 dated 2024-11-19. The vulnerability requires local privileged access and has a CVSS 3.1 score of 7.8 with high impact on confidentiality, integrity, and availability.

The vulnerability allows a local attacker with limited privileges to perform crafted CSR operations that can corrupt reserved bits in the processor's status register. This corruption can lead to undefined processor behavior, potentially impacting system confidentiality, integrity, and availability. Because the WPRI bits are reserved and should not be modified, their unexpected alteration may cause unpredictable side effects in firmware or software relying on correct processor state. The CVSS score of 7.8 reflects a high severity due to the potential for significant system compromise if exploited.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround has been published at this time. Until a patch is available, limit local privileged access to trusted users only and monitor for unusual behavior related to CSR operations. Avoid executing untrusted firmware or software that could induce privileged CSR operations.