The XiangShan RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 contains a vulnerability where improper gating of the distributed CSR write-enable path permits illegal CSR write attempts to alter the custom PMA CSR state. Although the RISC-V privileged specification mandates an illegal-instruction exception for illegal CSR accesses, affected versions of XiangShan may still propagate these writes to replicated PMA configuration state. This can be exploited by local attackers with code execution on the core to manipulate memory attribute enforcement, potentially impacting platform security and isolation boundaries. The vulnerability affects the processor's handling of privileged instructions related to PMA configuration and may lead to privilege escalation, information disclosure, or denial of service depending on system integration and enforcement mechanisms. There is no CVSS score or vendor advisory specifying remediation or patch availability.

The vulnerability allows local attackers with code execution on the affected XiangShan processor core to tamper with the Physical Memory Attribute CSR state via illegal CSR writes that bypass expected exceptions. This can undermine memory attribute enforcement, potentially resulting in privilege escalation, unauthorized information disclosure, or denial of service. The actual impact depends on how the PMA enforces platform security and isolation boundaries in the specific system integration. No known exploits are reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary mitigation is currently documented. Until a patch is available, system integrators and users should be aware of the risk posed by local code execution and consider restricting untrusted code execution privileges on affected XiangShan cores.