CVE-2026-29647: n/a
In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling.
AI Analysis
Technical Summary
This vulnerability in OpenXiangShan NEMU arises from inadequate permission checks on Smstateen, permitting lower-privileged code to read IMSIC state via stopei/vstopei CSRs despite mstateen0.IMSIC being cleared. This flaw may enable information leakage across contexts or disrupt interrupt handling mechanisms. The vulnerability is published but lacks a CVSS score and vendor remediation details.
Potential Impact
The vulnerability allows unauthorized lower-privileged code to access sensitive IMSIC state information and potentially disrupt interrupt handling. This could compromise system integrity by leaking cross-context information or causing interrupt processing issues. No confirmed exploitation in the wild is reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, monitor vendor communications for updates. No specific mitigations are provided in the available data.
CVE-2026-29647: n/a
Description
In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in OpenXiangShan NEMU arises from inadequate permission checks on Smstateen, permitting lower-privileged code to read IMSIC state via stopei/vstopei CSRs despite mstateen0.IMSIC being cleared. This flaw may enable information leakage across contexts or disrupt interrupt handling mechanisms. The vulnerability is published but lacks a CVSS score and vendor remediation details.
Potential Impact
The vulnerability allows unauthorized lower-privileged code to access sensitive IMSIC state information and potentially disrupt interrupt handling. This could compromise system integrity by leaking cross-context information or causing interrupt processing issues. No confirmed exploitation in the wild is reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, monitor vendor communications for updates. No specific mitigations are provided in the available data.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-04T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e6941f19fe3cd2cd32c482
Added to database: 4/20/2026, 9:01:19 PM
Last enriched: 4/20/2026, 9:17:01 PM
Last updated: 4/21/2026, 7:09:27 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.